Great, thanks for applying this. I was traveling so am only now back to
looking at this.
---------------------------------------------------------------------------
On Tue, Oct 22, 2024 at 11:35:51PM +0000, Michael Paquier wrote:
> ecpg: Fix out-of-bound read in DecodeDateTime()
>
> It was possible for the code to read out-of-bound data from the
> "day_tab" table with some crafted input data. Let's treat these as
> invalid input as the month number is incorrect.
>
> A test is added to test this case with a check on the errno returned by
> the decoding routine. A test close to the new one added in this commit
> was testing for a failure, but did not look at the errno generated, so
> let's use this commit to also change it, adding a check on the errno
> returned by DecodeDateTime().
>
> Like the other test scripts, dt_test should likely be expanded to
> include more checks based on the errnos generated in these code paths.
> This is left as future work.
>
> This issue exists since 2e6f97560a83, so backpatch all the way down.
>
> Reported-by: Pavel Nekrasov
> Author: Bruce Momjian, Pavel Nekrasov
> Discussion: https://postgr.es/m/18614-6bbe00117352309e@postgresql.org
> Backpatch-through: 12
>
> Branch
> ------
> master
>
> Details
> -------
> https://git.postgresql.org/pg/commitdiff/a0bff38d133ac95fb56bbd868a128bba95ec46c9
>
> Modified Files
> --------------
> src/interfaces/ecpg/pgtypeslib/dt_common.c | 6 +-
> .../ecpg/test/expected/pgtypeslib-dt_test.c | 76 +++++++++++++++-------
> .../ecpg/test/expected/pgtypeslib-dt_test.stderr | 42 ++++++------
> .../ecpg/test/expected/pgtypeslib-dt_test.stdout | 3 +-
> src/interfaces/ecpg/test/pgtypeslib/dt_test.pgc | 30 +++++++++
> 5 files changed, 109 insertions(+), 48 deletions(-)
>
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
When a patient asks the doctor, "Am I going to die?", he means
"Am I going to die soon?"
