port/snprintf(): fix overflow and do padding

Prevent port/snprintf() from overflowing its local fixed-size buffer and pad to the desired number of digits with zeros, even if the precision is beyond the ability of the native sprintf(). port/snprintf() is only used on systems that lack a native snprintf().

Reported by Bruce Momjian. Patch by Tom Lane. Backpatch to all supported versions.

Security: CVE-2015-0242

Branch
------
REL9_4_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/2ac95c83ce9321cb428bf3508a606df31c762ef1

Modified Files
--------------
src/port/snprintf.c | 69 +++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 62 insertions(+), 7 deletions(-)
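The approach the commit message describes, as an added example that is not the PostgreSQL patch or any code from the project: cap the precision handed to the native sprintf() so a fixed-size local buffer cannot overflow, then supply the remaining requested digits as zeros. The function name bounded_fmt_f, the helper put, and the constants CONVERT_SIZE and MAX_NATIVE_PREC are assumptions made for this sketch.

```c
#include <float.h>
#include <stdio.h>
#include <string.h>

#define CONVERT_SIZE    1024  /* local scratch buffer (size assumed for this example) */
#define MAX_NATIVE_PREC 350   /* most fraction digits requested from sprintf (assumed) */

/* Append one byte if it fits; always count it so the caller learns the full length. */
static void put(char *out, size_t outsz, size_t *pos, char c)
{
    if (*pos + 1 < outsz)
        out[*pos] = c;
    (*pos)++;
}

/*
 * Format value like "%.<precision>f" into out[outsz] without snprintf().
 * Returns the length the complete result needs; the output is truncated
 * and NUL-terminated when outsz is too small.
 */
int bounded_fmt_f(char *out, size_t outsz, double value, int precision)
{
    char   convert[CONVERT_SIZE];
    size_t pos = 0;
    int    native_prec, zeropad, len, i;

    if (precision < 0)
        precision = 6;                      /* printf default */
    native_prec = precision > MAX_NATIVE_PREC ? MAX_NATIVE_PREC : precision;
    zeropad = precision - native_prec;      /* digits sprintf is not asked for */
    if (value != value || value > DBL_MAX || value < -DBL_MAX)
        zeropad = 0;                        /* no padding after "nan" / "inf" */

    /* Worst case: sign + 309 integer digits + '.' + 350 digits + NUL = 662 bytes. */
    len = sprintf(convert, "%.*f", native_prec, value);

    for (i = 0; i < len; i++)
        put(out, outsz, &pos, convert[i]);
    for (i = 0; i < zeropad; i++)
        put(out, outsz, &pos, '0');         /* remaining digits are emitted as zeros */
    if (outsz > 0)
        out[pos < outsz ? pos : outsz - 1] = '\0';
    return (int) pos;
}
```

Passing the caller's precision straight to sprintf() with the same 1024-byte buffer would write past its end for any precision above roughly 700 digits, which is the overflow class the commit message names.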
