Avoid integer overflow and buffer overrun in hstore_to_json(). This back-patches commit 0c5783ff301ae3e470000c918bfc2395129de4c5 into the 9.3 branch. At the time, Heikki just thought he was fixing an unlikely integer-overflow scenario, but in point of fact the original coding was hopelessly broken: it supposed that escape_json never enlarges the data more than 2X, which is wrong on its face. The revised code eliminates making any a-priori assumptions about the output length.
Per report from Saul Costa. The bogus code doesn't exist before 9.3, so no other branches need fixing. Branch ------ REL9_3_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/f44290b7b3763f339ed66f883c0e85bb3c3c4e88 Modified Files -------------- contrib/hstore/hstore_io.c | 150 ++++++++++++-------------------------------- 1 file changed, 41 insertions(+), 109 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
