On 06/12/2015 06:16 PM, Peter Geoghegan wrote:
On Thu, Jun 4, 2015 at 5:43 PM, Peter Geoghegan <p...@heroku.com> wrote:
BTW, there is a bug here -- strtol() needs additional defenses [1]
(before casting to int):

postgres=# select jsonb_set('[1, 2, 3, 4, 5,6,7,8,9,10,11,12,13,14,15,16,17,18]',
'{"9223372036854775806"}'::text[], '"Input unsanitized"', false) ;
                                     jsonb_set
----------------------------------------------------------------------------------
  [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, "Input unsanitized", 18]
(1 row)

[1] https://www.securecoding.cert.org/confluence/display/cplusplus/INT06-CPP.+Use+strtol()+or+a+related+function+to+convert+a+string+token+to+an+integer

I attach a fix for this bug. The commit message explains everything.



OK, pushed, although you'd have to be trying really hard to break this. Still, it's reasonable to defend against.

cheers

andrew


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
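
The defense discussed in this thread, as an added example that is not part of the original messages and is not the committed PostgreSQL patch: a strtol() result is range-checked before it is narrowed to int. The names unchecked_index and parse_index are hypothetical. With a 64-bit long, the path element from the report narrows to -2 when cast unchecked, which is consistent with the second-to-last array element being replaced in the output above.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked pattern: the long result is narrowed to int with no range test. */
static int unchecked_index(const char *s)
{
    return (int) strtol(s, NULL, 10);
}

/*
 * Checked conversion (hypothetical helper, not PostgreSQL code). Returns true
 * and stores the index only if s is entirely a base-10 integer that fits in int.
 */
static bool parse_index(const char *s, int *out)
{
    char *end;
    long  val;

    errno = 0;
    val = strtol(s, &end, 10);
    if (end == s || *end != '\0')        /* no digits, or trailing junk */
        return false;
    if (errno == ERANGE)                 /* does not fit in long */
        return false;
    if (val > INT_MAX || val < INT_MIN)  /* fits in long, but not in int */
        return false;
    *out = (int) val;
    return true;
}

int main(void)
{
    /* Constructed inputs; the first is the path element from the report. */
    const char *samples[] = { "9223372036854775806", "-2", "16", "12abc", "" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    {
        int  idx = 0;
        bool ok = parse_index(samples[i], &idx);
        printf("%-22s unchecked=%d checked=%s", samples[i],
               unchecked_index(samples[i]), ok ? "ok" : "rejected");
        if (ok) printf(" (%d)", idx);
        putchar('\n');
    }
    return 0;
}
```

Where long is 32 bits, the same input is caught by the ERANGE test instead of the INT_MAX comparison, so both checks are needed for portable code.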
