to_char(): prevent writing beyond the allocated buffer Previously very long localized month and weekday strings could overflow the allocated buffers, causing a server crash.
Reported and patch reviewed by Noah Misch. Backpatch to all supported versions. Security: CVE-2015-0241 Branch ------ REL9_0_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/56b970f2e98853bee7205022df4c5d38bafacdf5 Modified Files -------------- src/backend/utils/adt/formatting.c | 141 ++++++++++++++++++++++++++++++++---- 1 file changed, 126 insertions(+), 15 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
