postgres
diff --git a/‎configure
Lines changed: 0 additions & 4 deletions b/‎configure
Lines changed: 0 additions & 4 deletions
diff --git a/‎configure.in
Lines changed: 4 additions & 4 deletions b/‎configure.in
Lines changed: 4 additions & 4 deletions
diff --git a/‎contrib/chkpass/chkpass.c
Lines changed: 20 additions & 4 deletions b/‎contrib/chkpass/chkpass.c
Lines changed: 20 additions & 4 deletions
diff --git a/‎contrib/hstore/hstore.h
Lines changed: 12 additions & 3 deletions b/‎contrib/hstore/hstore.h
Lines changed: 12 additions & 3 deletions
diff --git a/‎contrib/hstore/hstore_io.c
Lines changed: 62 additions & 109 deletions b/‎contrib/hstore/hstore_io.c
Lines changed: 62 additions & 109 deletions
@@ -10780,10 +10780,6 @@ rm -rf conftest*
 
 fi
 
-   # Autoconf 2.69's AC_SYS_LARGEFILE believes it's a good idea to #define
-   # _DARWIN_USE_64_BIT_INODE, but it isn't: on OS X 10.5 that activates a
-   # bug that causes readdir() to sometimes return EINVAL.  On later OS X
-   # versions where the feature actually works, it's on by default anyway.
 
 fi
 
 
@@ -1156,10 +1156,10 @@ esac
 # defines can affect what is generated for that.
 if test "$PORTNAME" != "win32"; then
    AC_SYS_LARGEFILE
-   # Autoconf 2.69's AC_SYS_LARGEFILE believes it's a good idea to #define
-   # _DARWIN_USE_64_BIT_INODE, but it isn't: on OS X 10.5 that activates a
-   # bug that causes readdir() to sometimes return EINVAL.  On later OS X
-   # versions where the feature actually works, it's on by default anyway.
+   dnl Autoconf 2.69's AC_SYS_LARGEFILE believes it's a good idea to #define
+   dnl _DARWIN_USE_64_BIT_INODE, but it isn't: on OS X 10.5 that activates a
+   dnl bug that causes readdir() to sometimes return EINVAL.  On later OS X
+   dnl versions where the feature actually works, it's on by default anyway.
    AH_VERBATIM([_DARWIN_USE_64_BIT_INODE],[])
 fi
 
 
@@ -94,11 +94,13 @@ chkpass_in(PG_FUNCTION_ARGS)
 	mysalt[2] = 0;				/* technically the terminator is not necessary
 								 * but I like to play safe */
 
-	if ((crypt_output = crypt(str, mysalt)) == NULL)
+	crypt_output = crypt(str, mysalt);
+	if (crypt_output == NULL)
 		ereport(ERROR,
 				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
 				 errmsg("crypt() failed")));
-	strcpy(result->password, crypt_output);
+
+	strlcpy(result->password, crypt_output, sizeof(result->password));
 
 	PG_RETURN_POINTER(result);
 }
@@ -148,9 +150,16 @@ chkpass_eq(PG_FUNCTION_ARGS)
 	chkpass    *a1 = (chkpass *) PG_GETARG_POINTER(0);
 	text	   *a2 = PG_GETARG_TEXT_PP(1);
 	char		str[9];
+	char	   *crypt_output;
 
 	text_to_cstring_buffer(a2, str, sizeof(str));
-	PG_RETURN_BOOL(strcmp(a1->password, crypt(str, a1->password)) == 0);
+	crypt_output = crypt(str, a1->password);
+	if (crypt_output == NULL)
+		ereport(ERROR,
+				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+				 errmsg("crypt() failed")));
+
+	PG_RETURN_BOOL(strcmp(a1->password, crypt_output) == 0);
 }
 
 PG_FUNCTION_INFO_V1(chkpass_ne);
@@ -160,7 +169,14 @@ chkpass_ne(PG_FUNCTION_ARGS)
 	chkpass    *a1 = (chkpass *) PG_GETARG_POINTER(0);
 	text	   *a2 = PG_GETARG_TEXT_PP(1);
 	char		str[9];
+	char	   *crypt_output;
 
 	text_to_cstring_buffer(a2, str, sizeof(str));
-	PG_RETURN_BOOL(strcmp(a1->password, crypt(str, a1->password)) != 0);
+	crypt_output = crypt(str, a1->password);
+	if (crypt_output == NULL)
+		ereport(ERROR,
+				(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+				 errmsg("crypt() failed")));
+
+	PG_RETURN_BOOL(strcmp(a1->password, crypt_output) != 0);
 }
@@ -49,16 +49,25 @@ typedef struct
 } HStore;
 
 /*
- * it's not possible to get more than 2^28 items into an hstore,
- * so we reserve the top few bits of the size field. See hstore_compat.c
- * for one reason why.	Some bits are left for future use here.
+ * It's not possible to get more than 2^28 items into an hstore, so we reserve
+ * the top few bits of the size field.  See hstore_compat.c for one reason
+ * why.  Some bits are left for future use here.  MaxAllocSize makes the
+ * practical count limit slightly more than 2^28 / 3, or INT_MAX / 24, the
+ * limit for an hstore full of 4-byte keys and null values.  Therefore, we
+ * don't explicitly check the format-imposed limit.
  */
 #define HS_FLAG_NEWVERSION 0x80000000
 
 #define HS_COUNT(hsp_) ((hsp_)->size_ & 0x0FFFFFFF)
 #define HS_SETCOUNT(hsp_,c_) ((hsp_)->size_ = (c_) | HS_FLAG_NEWVERSION)
 
 
+/*
+ * "x" comes from an existing HS_COUNT() (as discussed, <= INT_MAX/24) or a
+ * Pairs array length (due to MaxAllocSize, <= INT_MAX/40).  "lenstr" is no
+ * more than INT_MAX, that extreme case arising in hstore_from_arrays().
+ * Therefore, this calculation is limited to about INT_MAX / 5 + INT_MAX.
+ */
 #define HSHRDSIZE	(sizeof(HStore))
 #define CALCDATASIZE(x, lenstr) ( (x) * 2 * sizeof(HEntry) + HSHRDSIZE + (lenstr) )
 
 
@@ -13,6 +13,7 @@
 #include "utils/builtins.h"
 #include "utils/json.h"
 #include "utils/lsyscache.h"
+#include "utils/memutils.h"
 #include "utils/typcache.h"
 
 #include "hstore.h"
@@ -439,6 +440,11 @@ hstore_recv(PG_FUNCTION_ARGS)
 		PG_RETURN_POINTER(out);
 	}
 
+	if (pcount < 0 || pcount > MaxAllocSize / sizeof(Pairs))
+		ereport(ERROR,
+				(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+			  errmsg("number of pairs (%d) exceeds the maximum allowed (%d)",
+					 pcount, (int) (MaxAllocSize / sizeof(Pairs)))));
 	pairs = palloc(pcount * sizeof(Pairs));
 
 	for (i = 0; i < pcount; ++i)
@@ -554,6 +560,13 @@ hstore_from_arrays(PG_FUNCTION_ARGS)
 					  TEXTOID, -1, false, 'i',
 					  &key_datums, &key_nulls, &key_count);
 
+	/* see discussion in hstoreArrayToPairs() */
+	if (key_count > MaxAllocSize / sizeof(Pairs))
+		ereport(ERROR,
+				(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+			  errmsg("number of pairs (%d) exceeds the maximum allowed (%d)",
+					 key_count, (int) (MaxAllocSize / sizeof(Pairs)))));
+
 	/* value_array might be NULL */
 
 	if (PG_ARGISNULL(1))
@@ -676,6 +689,13 @@ hstore_from_array(PG_FUNCTION_ARGS)
 
 	count = in_count / 2;
 
+	/* see discussion in hstoreArrayToPairs() */
+	if (count > MaxAllocSize / sizeof(Pairs))
+		ereport(ERROR,
+				(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+			  errmsg("number of pairs (%d) exceeds the maximum allowed (%d)",
+					 count, (int) (MaxAllocSize / sizeof(Pairs)))));
+
 	pairs = palloc(count * sizeof(Pairs));
 
 	for (i = 0; i < count; ++i)
@@ -807,6 +827,7 @@ hstore_from_record(PG_FUNCTION_ARGS)
 		my_extra->ncolumns = ncolumns;
 	}
 
+	Assert(ncolumns <= MaxTupleAttributeNumber);		/* thus, no overflow */
 	pairs = palloc(ncolumns * sizeof(Pairs));
 
 	if (rec)
@@ -1224,77 +1245,49 @@ Datum
 hstore_to_json_loose(PG_FUNCTION_ARGS)
 {
 	HStore	   *in = PG_GETARG_HS(0);
-	int			buflen,
-				i;
+	int			i;
 	int			count = HS_COUNT(in);
-	char	   *out,
-			   *ptr;
 	char	   *base = STRPTR(in);
 	HEntry	   *entries = ARRPTR(in);
 	bool		is_number;
-	StringInfo	src,
+	StringInfoData tmp,
 				dst;
 
 	if (count == 0)
 		PG_RETURN_TEXT_P(cstring_to_text_with_len("{}",2));
 
-	buflen = 3;
-
-	/*
-	 * Formula adjusted slightly from the logic in hstore_out. We have to take
-	 * account of out treatment of booleans to be a bit more pessimistic about
-	 * the length of values.
-	 */
-
-	for (i = 0; i < count; i++)
-	{
-		/* include "" and colon-space and comma-space */
-		buflen += 6 + 2 * HS_KEYLEN(entries, i);
-		/* include "" only if nonnull */
-		buflen += 3 + (HS_VALISNULL(entries, i)
-					   ? 1
-					   : 2 * HS_VALLEN(entries, i));
-	}
+	initStringInfo(&tmp);
+	initStringInfo(&dst);
 
-	out = ptr = palloc(buflen);
-
-	src = makeStringInfo();
-	dst = makeStringInfo();
-
-	*ptr++ = '{';
+	appendStringInfoChar(&dst, '{');
 
 	for (i = 0; i < count; i++)
 	{
-		resetStringInfo(src);
-		resetStringInfo(dst);
-		appendBinaryStringInfo(src, HS_KEY(entries, base, i), HS_KEYLEN(entries, i));
-		escape_json(dst, src->data);
-		strncpy(ptr, dst->data, dst->len);
-		ptr += dst->len;
-		*ptr++ = ':';
-		*ptr++ = ' ';
-		resetStringInfo(dst);
+		resetStringInfo(&tmp);
+		appendBinaryStringInfo(&tmp, HS_KEY(entries, base, i), HS_KEYLEN(entries, i));
+		escape_json(&dst, tmp.data);
+		appendStringInfoString(&dst, ": ");
 		if (HS_VALISNULL(entries, i))
-			appendStringInfoString(dst, "null");
+			appendStringInfoString(&dst, "null");
 		/* guess that values of 't' or 'f' are booleans */
 		else if (HS_VALLEN(entries, i) == 1 && *(HS_VAL(entries, base, i)) == 't')
-			appendStringInfoString(dst, "true");
+			appendStringInfoString(&dst, "true");
 		else if (HS_VALLEN(entries, i) == 1 && *(HS_VAL(entries, base, i)) == 'f')
-			appendStringInfoString(dst, "false");
+			appendStringInfoString(&dst, "false");
 		else
 		{
 			is_number = false;
-			resetStringInfo(src);
-			appendBinaryStringInfo(src, HS_VAL(entries, base, i), HS_VALLEN(entries, i));
+			resetStringInfo(&tmp);
+			appendBinaryStringInfo(&tmp, HS_VAL(entries, base, i), HS_VALLEN(entries, i));
 
 			/*
 			 * don't treat something with a leading zero followed by another
 			 * digit as numeric - could be a zip code or similar
 			 */
-			if (src->len > 0 &&
-				!(src->data[0] == '0' &&
-				  isdigit((unsigned char) src->data[1])) &&
-				strspn(src->data, "+-0123456789Ee.") == src->len)
+			if (tmp.len > 0 &&
+				!(tmp.data[0] == '0' &&
+				  isdigit((unsigned char) tmp.data[1])) &&
+				strspn(tmp.data, "+-0123456789Ee.") == tmp.len)
 			{
 				/*
 				 * might be a number. See if we can input it as a numeric
@@ -1303,7 +1296,7 @@ hstore_to_json_loose(PG_FUNCTION_ARGS)
 				char	   *endptr = "junk";
 				long		lval;
 
-				lval = strtol(src->data, &endptr, 10);
+				lval = strtol(tmp.data, &endptr, 10);
 				(void) lval;
 				if (*endptr == '\0')
 				{
@@ -1318,30 +1311,24 @@ hstore_to_json_loose(PG_FUNCTION_ARGS)
 					/* not an int - try a double */
 					double		dval;
 
-					dval = strtod(src->data, &endptr);
+					dval = strtod(tmp.data, &endptr);
 					(void) dval;
 					if (*endptr == '\0')
 						is_number = true;
 				}
 			}
 			if (is_number)
-				appendBinaryStringInfo(dst, src->data, src->len);
+				appendBinaryStringInfo(&dst, tmp.data, tmp.len);
 			else
-				escape_json(dst, src->data);
+				escape_json(&dst, tmp.data);
 		}
-		strncpy(ptr, dst->data, dst->len);
-		ptr += dst->len;
 
 		if (i + 1 != count)
-		{
-			*ptr++ = ',';
-			*ptr++ = ' ';
-		}
+			appendStringInfoString(&dst, ", ");
 	}
-	*ptr++ = '}';
-	*ptr = '\0';
+	appendStringInfoChar(&dst, '}');
 
-	PG_RETURN_TEXT_P(cstring_to_text(out));
+	PG_RETURN_TEXT_P(cstring_to_text(dst.data));
 }
 
 PG_FUNCTION_INFO_V1(hstore_to_json);
@@ -1350,74 +1337,40 @@ Datum
 hstore_to_json(PG_FUNCTION_ARGS)
 {
 	HStore	   *in = PG_GETARG_HS(0);
-	int			buflen,
-				i;
+	int			i;
 	int			count = HS_COUNT(in);
-	char	   *out,
-			   *ptr;
 	char	   *base = STRPTR(in);
 	HEntry	   *entries = ARRPTR(in);
-	StringInfo	src,
+	StringInfoData tmp,
 				dst;
 
 	if (count == 0)
 		PG_RETURN_TEXT_P(cstring_to_text_with_len("{}",2));
 
-	buflen = 3;
+	initStringInfo(&tmp);
+	initStringInfo(&dst);
 
-	/*
-	 * Formula adjusted slightly from the logic in hstore_out. We have to take
-	 * account of out treatment of booleans to be a bit more pessimistic about
-	 * the length of values.
-	 */
+	appendStringInfoChar(&dst, '{');
 
 	for (i = 0; i < count; i++)
 	{
-		/* include "" and colon-space and comma-space */
-		buflen += 6 + 2 * HS_KEYLEN(entries, i);
-		/* include "" only if nonnull */
-		buflen += 3 + (HS_VALISNULL(entries, i)
-					   ? 1
-					   : 2 * HS_VALLEN(entries, i));
-	}
-
-	out = ptr = palloc(buflen);
-
-	src = makeStringInfo();
-	dst = makeStringInfo();
-
-	*ptr++ = '{';
-
-	for (i = 0; i < count; i++)
-	{
-		resetStringInfo(src);
-		resetStringInfo(dst);
-		appendBinaryStringInfo(src, HS_KEY(entries, base, i), HS_KEYLEN(entries, i));
-		escape_json(dst, src->data);
-		strncpy(ptr, dst->data, dst->len);
-		ptr += dst->len;
-		*ptr++ = ':';
-		*ptr++ = ' ';
-		resetStringInfo(dst);
+		resetStringInfo(&tmp);
+		appendBinaryStringInfo(&tmp, HS_KEY(entries, base, i), HS_KEYLEN(entries, i));
+		escape_json(&dst, tmp.data);
+		appendStringInfoString(&dst, ": ");
 		if (HS_VALISNULL(entries, i))
-			appendStringInfoString(dst, "null");
+			appendStringInfoString(&dst, "null");
 		else
 		{
-			resetStringInfo(src);
-			appendBinaryStringInfo(src, HS_VAL(entries, base, i), HS_VALLEN(entries, i));
-			escape_json(dst, src->data);
+			resetStringInfo(&tmp);
+			appendBinaryStringInfo(&tmp, HS_VAL(entries, base, i), HS_VALLEN(entries, i));
+			escape_json(&dst, tmp.data);
 		}
-		strncpy(ptr, dst->data, dst->len);
-		ptr += dst->len;
 
 		if (i + 1 != count)
-		{
-			*ptr++ = ',';
-			*ptr++ = ' ';
-		}
+			appendStringInfoString(&dst, ", ");
 	}
-	*ptr++ = '}';
-	*ptr = '\0';
+	appendStringInfoChar(&dst, '}');
 
-	PG_RETURN_TEXT_P(cstring_to_text(out));
+	PG_RETURN_TEXT_P(cstring_to_text(dst.data));
 }