summaryrefslogtreecommitdiff
path: root/src/backend/utils/adt/oracle_compat.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/utils/adt/oracle_compat.c')
-rw-r--r--src/backend/utils/adt/oracle_compat.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/src/backend/utils/adt/oracle_compat.c b/src/backend/utils/adt/oracle_compat.c
index d4391f764fc..2f91e03e0ac 100644
--- a/src/backend/utils/adt/oracle_compat.c
+++ b/src/backend/utils/adt/oracle_compat.c
@@ -9,7 +9,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/adt/oracle_compat.c,v 1.37 2002/01/08 17:03:41 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/adt/oracle_compat.c,v 1.37.2.1 2002/08/22 05:27:41 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -199,6 +199,11 @@ lpad(PG_FUNCTION_ARGS)
#ifdef MULTIBYTE
bytelen = pg_database_encoding_max_length() * len;
+
+ /* check for integer overflow */
+ if (len != 0 && bytelen / pg_database_encoding_max_length() != len)
+ elog(ERROR, "Requested length too large");
+
ret = (text *) palloc(VARHDRSZ + bytelen);
#else
ret = (text *) palloc(VARHDRSZ + len);
@@ -310,6 +315,11 @@ rpad(PG_FUNCTION_ARGS)
#ifdef MULTIBYTE
bytelen = pg_database_encoding_max_length() * len;
+
+ /* Check for integer overflow */
+ if (len != 0 && bytelen / pg_database_encoding_max_length() != len)
+ elog(ERROR, "Requested length too large");
+
ret = (text *) palloc(VARHDRSZ + bytelen);
#else
ret = (text *) palloc(VARHDRSZ + len);
@@ -997,6 +1007,16 @@ repeat(PG_FUNCTION_ARGS)
slen = (VARSIZE(string) - VARHDRSZ);
tlen = (VARHDRSZ + (count * slen));
+ /* Check for integer overflow */
+ if (slen != 0 && count != 0)
+ {
+ int check = count * slen;
+ int check2 = check + VARHDRSZ;
+
+ if ((check / slen) != count || check2 <= check)
+ elog(ERROR, "Requested buffer is too large.");
+ }
+
result = (text *) palloc(tlen);
VARATT_SIZEP(result) = tlen;
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-28 15:36:28 +0000