postgres
diff --git a/‎configure‎
Lines changed: 0 additions & 4 deletions b/‎configure‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎configure.in‎
Lines changed: 4 additions & 4 deletions b/‎configure.in‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎contrib/chkpass/chkpass.c‎
Lines changed: 20 additions & 4 deletions b/‎contrib/chkpass/chkpass.c‎
Lines changed: 20 additions & 4 deletions
diff --git a/‎contrib/hstore/hstore.h‎
Lines changed: 12 additions & 3 deletions b/‎contrib/hstore/hstore.h‎
Lines changed: 12 additions & 3 deletions
diff --git a/‎contrib/hstore/hstore_io.c‎
Lines changed: 62 additions & 109 deletions b/‎contrib/hstore/hstore_io.c‎
Lines changed: 62 additions & 109 deletions
@@ -10780,10 +10780,6 @@ rm -rf conftest*
 
 fi
 
- # Autoconf 2.69's AC_SYS_LARGEFILE believes it's a good idea to #define
- # _DARWIN_USE_64_BIT_INODE, but it isn't: on OS X 10.5 that activates a
- # bug that causes readdir() to sometimes return EINVAL.  On later OS X
- # versions where the feature actually works, it's on by default anyway.
 
 fi
 
 
@@ -1156,10 +1156,10 @@ esac
 # defines can affect what is generated for that.
 if test "$PORTNAME" != "win32"; then
    AC_SYS_LARGEFILE
- # Autoconf 2.69's AC_SYS_LARGEFILE believes it's a good idea to #define
- # _DARWIN_USE_64_BIT_INODE, but it isn't: on OS X 10.5 that activates a
- # bug that causes readdir() to sometimes return EINVAL.  On later OS X
- # versions where the feature actually works, it's on by default anyway.
+ dnl Autoconf 2.69's AC_SYS_LARGEFILE believes it's a good idea to #define
+ dnl _DARWIN_USE_64_BIT_INODE, but it isn't: on OS X 10.5 that activates a
+ dnl bug that causes readdir() to sometimes return EINVAL.  On later OS X
+ dnl versions where the feature actually works, it's on by default anyway.
    AH_VERBATIM([_DARWIN_USE_64_BIT_INODE],[])
 fi
 
 
@@ -94,11 +94,13 @@ chkpass_in(PG_FUNCTION_ARGS)
  mysalt[2] = 0;				/* technically the terminator is not necessary
 								 * but I like to play safe */
 
- if ((crypt_output = crypt(str, mysalt)) == NULL)
+ crypt_output = crypt(str, mysalt);
+ if (crypt_output == NULL)
  ereport(ERROR,
 				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
  errmsg("crypt() failed")));
- strcpy(result->password, crypt_output);
+
+ strlcpy(result->password, crypt_output, sizeof(result->password));
 
  PG_RETURN_POINTER(result);
 }
@@ -148,9 +150,16 @@ chkpass_eq(PG_FUNCTION_ARGS)
  chkpass *a1 = (chkpass *) PG_GETARG_POINTER(0);
  text *a2 = PG_GETARG_TEXT_PP(1);
  char str[9];
+ char *crypt_output;
 
  text_to_cstring_buffer(a2, str, sizeof(str));
- PG_RETURN_BOOL(strcmp(a1->password, crypt(str, a1->password)) == 0);
+ crypt_output = crypt(str, a1->password);
+ if (crypt_output == NULL)
+ ereport(ERROR,
+				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("crypt() failed")));
+
+ PG_RETURN_BOOL(strcmp(a1->password, crypt_output) == 0);
 }
 
 PG_FUNCTION_INFO_V1(chkpass_ne);
@@ -160,7 +169,14 @@ chkpass_ne(PG_FUNCTION_ARGS)
  chkpass *a1 = (chkpass *) PG_GETARG_POINTER(0);
  text *a2 = PG_GETARG_TEXT_PP(1);
  char str[9];
+ char *crypt_output;
 
  text_to_cstring_buffer(a2, str, sizeof(str));
- PG_RETURN_BOOL(strcmp(a1->password, crypt(str, a1->password)) != 0);
+ crypt_output = crypt(str, a1->password);
+ if (crypt_output == NULL)
+ ereport(ERROR,
+				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("crypt() failed")));
+
+ PG_RETURN_BOOL(strcmp(a1->password, crypt_output) != 0);
 }
@@ -49,16 +49,25 @@ typedef struct
 } HStore;
 
 /*
- * it's not possible to get more than 2^28 items into an hstore,
- * so we reserve the top few bits of the size field. See hstore_compat.c
- * for one reason why.	Some bits are left for future use here.
+ * It's not possible to get more than 2^28 items into an hstore, so we reserve
+ * the top few bits of the size field.  See hstore_compat.c for one reason
+ * why.  Some bits are left for future use here.  MaxAllocSize makes the
+ * practical count limit slightly more than 2^28 / 3, or INT_MAX / 24, the
+ * limit for an hstore full of 4-byte keys and null values.  Therefore, we
+ * don't explicitly check the format-imposed limit.
  */
 #define HS_FLAG_NEWVERSION 0x80000000
 
 #define HS_COUNT(hsp_) ((hsp_)->size_ & 0x0FFFFFFF)
 #define HS_SETCOUNT(hsp_,c_) ((hsp_)->size_ = (c_) | HS_FLAG_NEWVERSION)
 
 
+/*
+ * "x" comes from an existing HS_COUNT() (as discussed, <= INT_MAX/24) or a
+ * Pairs array length (due to MaxAllocSize, <= INT_MAX/40).  "lenstr" is no
+ * more than INT_MAX, that extreme case arising in hstore_from_arrays().
+ * Therefore, this calculation is limited to about INT_MAX / 5 + INT_MAX.
+ */
 #define HSHRDSIZE	(sizeof(HStore))
 #define CALCDATASIZE(x, lenstr) ( (x) * 2 * sizeof(HEntry) + HSHRDSIZE + (lenstr) )
 
 
@@ -13,6 +13,7 @@
 #include "utils/builtins.h"
 #include "utils/json.h"
 #include "utils/lsyscache.h"
+#include "utils/memutils.h"
 #include "utils/typcache.h"
 
 #include "hstore.h"
@@ -439,6 +440,11 @@ hstore_recv(PG_FUNCTION_ARGS)
  PG_RETURN_POINTER(out);
 	}
 
+ if (pcount < 0 || pcount > MaxAllocSize / sizeof(Pairs))
+ ereport(ERROR,
+				(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("number of pairs (%d) exceeds the maximum allowed (%d)",
+ pcount, (int) (MaxAllocSize / sizeof(Pairs)))));
  pairs = palloc(pcount * sizeof(Pairs));
 
  for (i = 0; i < pcount; ++i)
@@ -554,6 +560,13 @@ hstore_from_arrays(PG_FUNCTION_ARGS)
  TEXTOID, -1, false, 'i',
  &key_datums, &key_nulls, &key_count);
 
+ /* see discussion in hstoreArrayToPairs() */
+ if (key_count > MaxAllocSize / sizeof(Pairs))
+ ereport(ERROR,
+				(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("number of pairs (%d) exceeds the maximum allowed (%d)",
+ key_count, (int) (MaxAllocSize / sizeof(Pairs)))));
+
  /* value_array might be NULL */
 
  if (PG_ARGISNULL(1))
@@ -676,6 +689,13 @@ hstore_from_array(PG_FUNCTION_ARGS)
 
  count = in_count / 2;
 
+ /* see discussion in hstoreArrayToPairs() */
+ if (count > MaxAllocSize / sizeof(Pairs))
+ ereport(ERROR,
+				(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("number of pairs (%d) exceeds the maximum allowed (%d)",
+ count, (int) (MaxAllocSize / sizeof(Pairs)))));
+
  pairs = palloc(count * sizeof(Pairs));
 
  for (i = 0; i < count; ++i)
@@ -807,6 +827,7 @@ hstore_from_record(PG_FUNCTION_ARGS)
  my_extra->ncolumns = ncolumns;
 	}
 
+ Assert(ncolumns <= MaxTupleAttributeNumber);		/* thus, no overflow */
  pairs = palloc(ncolumns * sizeof(Pairs));
 
  if (rec)
@@ -1224,77 +1245,49 @@ Datum
 hstore_to_json_loose(PG_FUNCTION_ARGS)
 {
  HStore *in = PG_GETARG_HS(0);
- int buflen,
- i;
+ int i;
  int count = HS_COUNT(in);
- char *out,
- *ptr;
  char *base = STRPTR(in);
  HEntry *entries = ARRPTR(in);
  bool is_number;
- StringInfo src,
+ StringInfoData tmp,
  dst;
 
  if (count == 0)
  PG_RETURN_TEXT_P(cstring_to_text_with_len("{}",2));
 
- buflen = 3;
-
- /*
-	 * Formula adjusted slightly from the logic in hstore_out. We have to take
-	 * account of out treatment of booleans to be a bit more pessimistic about
-	 * the length of values.
-	 */
-
- for (i = 0; i < count; i++)
-	{
- /* include "" and colon-space and comma-space */
- buflen += 6 + 2 * HS_KEYLEN(entries, i);
- /* include "" only if nonnull */
- buflen += 3 + (HS_VALISNULL(entries, i)
-					   ? 1
-					   : 2 * HS_VALLEN(entries, i));
-	}
+ initStringInfo(&tmp);
+ initStringInfo(&dst);
 
- out = ptr = palloc(buflen);
-
- src = makeStringInfo();
- dst = makeStringInfo();
-
- *ptr++ = '{';
+ appendStringInfoChar(&dst, '{');
 
  for (i = 0; i < count; i++)
 	{
- resetStringInfo(src);
- resetStringInfo(dst);
- appendBinaryStringInfo(src, HS_KEY(entries, base, i), HS_KEYLEN(entries, i));
- escape_json(dst, src->data);
- strncpy(ptr, dst->data, dst->len);
- ptr += dst->len;
- *ptr++ = ':';
- *ptr++ = ' ';
- resetStringInfo(dst);
+ resetStringInfo(&tmp);
+ appendBinaryStringInfo(&tmp, HS_KEY(entries, base, i), HS_KEYLEN(entries, i));
+ escape_json(&dst, tmp.data);
+ appendStringInfoString(&dst, ": ");
  if (HS_VALISNULL(entries, i))
- appendStringInfoString(dst, "null");
+ appendStringInfoString(&dst, "null");
  /* guess that values of 't' or 'f' are booleans */
  else if (HS_VALLEN(entries, i) == 1 && *(HS_VAL(entries, base, i)) == 't')
- appendStringInfoString(dst, "true");
+ appendStringInfoString(&dst, "true");
  else if (HS_VALLEN(entries, i) == 1 && *(HS_VAL(entries, base, i)) == 'f')
- appendStringInfoString(dst, "false");
+ appendStringInfoString(&dst, "false");
  else
 		{
  is_number = false;
- resetStringInfo(src);
- appendBinaryStringInfo(src, HS_VAL(entries, base, i), HS_VALLEN(entries, i));
+ resetStringInfo(&tmp);
+ appendBinaryStringInfo(&tmp, HS_VAL(entries, base, i), HS_VALLEN(entries, i));
 
  /*
 			 * don't treat something with a leading zero followed by another
 			 * digit as numeric - could be a zip code or similar
 			 */
- if (src->len > 0 &&
-				!(src->data[0] == '0' &&
- isdigit((unsigned char) src->data[1])) &&
- strspn(src->data, "+-0123456789Ee.") == src->len)
+ if (tmp.len > 0 &&
+				!(tmp.data[0] == '0' &&
+ isdigit((unsigned char) tmp.data[1])) &&
+ strspn(tmp.data, "+-0123456789Ee.") == tmp.len)
 			{
  /*
 				 * might be a number. See if we can input it as a numeric
@@ -1303,7 +1296,7 @@ hstore_to_json_loose(PG_FUNCTION_ARGS)
  char *endptr = "junk";
  long lval;
 
- lval = strtol(src->data, &endptr, 10);
+ lval = strtol(tmp.data, &endptr, 10);
 				(void) lval;
  if (*endptr == '\0')
 				{
@@ -1318,30 +1311,24 @@ hstore_to_json_loose(PG_FUNCTION_ARGS)
  /* not an int - try a double */
  double dval;
 
- dval = strtod(src->data, &endptr);
+ dval = strtod(tmp.data, &endptr);
 					(void) dval;
  if (*endptr == '\0')
  is_number = true;
 				}
 			}
  if (is_number)
- appendBinaryStringInfo(dst, src->data, src->len);
+ appendBinaryStringInfo(&dst, tmp.data, tmp.len);
  else
- escape_json(dst, src->data);
+ escape_json(&dst, tmp.data);
 		}
- strncpy(ptr, dst->data, dst->len);
- ptr += dst->len;
 
  if (i + 1 != count)
-		{
- *ptr++ = ',';
- *ptr++ = ' ';
-		}
+ appendStringInfoString(&dst, ", ");
 	}
- *ptr++ = '}';
- *ptr = '\0';
+ appendStringInfoChar(&dst, '}');
 
- PG_RETURN_TEXT_P(cstring_to_text(out));
+ PG_RETURN_TEXT_P(cstring_to_text(dst.data));
 }
 
 PG_FUNCTION_INFO_V1(hstore_to_json);
@@ -1350,74 +1337,40 @@ Datum
 hstore_to_json(PG_FUNCTION_ARGS)
 {
  HStore *in = PG_GETARG_HS(0);
- int buflen,
- i;
+ int i;
  int count = HS_COUNT(in);
- char *out,
- *ptr;
  char *base = STRPTR(in);
  HEntry *entries = ARRPTR(in);
- StringInfo src,
+ StringInfoData tmp,
  dst;
 
  if (count == 0)
  PG_RETURN_TEXT_P(cstring_to_text_with_len("{}",2));
 
- buflen = 3;
+ initStringInfo(&tmp);
+ initStringInfo(&dst);
 
- /*
-	 * Formula adjusted slightly from the logic in hstore_out. We have to take
-	 * account of out treatment of booleans to be a bit more pessimistic about
-	 * the length of values.
-	 */
+ appendStringInfoChar(&dst, '{');
 
  for (i = 0; i < count; i++)
 	{
- /* include "" and colon-space and comma-space */
- buflen += 6 + 2 * HS_KEYLEN(entries, i);
- /* include "" only if nonnull */
- buflen += 3 + (HS_VALISNULL(entries, i)
-					   ? 1
-					   : 2 * HS_VALLEN(entries, i));
-	}
-
- out = ptr = palloc(buflen);
-
- src = makeStringInfo();
- dst = makeStringInfo();
-
- *ptr++ = '{';
-
- for (i = 0; i < count; i++)
-	{
- resetStringInfo(src);
- resetStringInfo(dst);
- appendBinaryStringInfo(src, HS_KEY(entries, base, i), HS_KEYLEN(entries, i));
- escape_json(dst, src->data);
- strncpy(ptr, dst->data, dst->len);
- ptr += dst->len;
- *ptr++ = ':';
- *ptr++ = ' ';
- resetStringInfo(dst);
+ resetStringInfo(&tmp);
+ appendBinaryStringInfo(&tmp, HS_KEY(entries, base, i), HS_KEYLEN(entries, i));
+ escape_json(&dst, tmp.data);
+ appendStringInfoString(&dst, ": ");
  if (HS_VALISNULL(entries, i))
- appendStringInfoString(dst, "null");
+ appendStringInfoString(&dst, "null");
  else
 		{
- resetStringInfo(src);
- appendBinaryStringInfo(src, HS_VAL(entries, base, i), HS_VALLEN(entries, i));
- escape_json(dst, src->data);
+ resetStringInfo(&tmp);
+ appendBinaryStringInfo(&tmp, HS_VAL(entries, base, i), HS_VALLEN(entries, i));
+ escape_json(&dst, tmp.data);
 		}
- strncpy(ptr, dst->data, dst->len);
- ptr += dst->len;
 
  if (i + 1 != count)
-		{
- *ptr++ = ',';
- *ptr++ = ' ';
-		}
+ appendStringInfoString(&dst, ", ");
 	}
- *ptr++ = '}';
- *ptr = '\0';
+ appendStringInfoChar(&dst, '}');
 
- PG_RETURN_TEXT_P(cstring_to_text(out));
+ PG_RETURN_TEXT_P(cstring_to_text(dst.data));
 }