Ensure maxlen is at leat 1 in dict_int

tvondra · tvondra · commit b5273943679d · 2019-12-03T18:40:07.000+01:00
The dict_int text search dictionary template accepts maxlen parameter, which is then used to cap the length of input strings. The value was not properly checked, and the code simply does txt[d->maxlen] = '\0'; to insert a terminator, leading to segfaults with negative values. This commit simply rejects values less than 1. The issue was there since dct_int was introduced in 9.3, so backpatch all the way back to 9.4 which is the oldest supported version. Reported-by: cili Discussion: https://postgr.es/m/16144-a36a5bef7657047d@postgresql.org Backpatch-through: 9.4
diff --git a/contrib/dict_int/dict_int.c b/contrib/dict_int/dict_int.c
@@ -45,6 +45,11 @@ dintdict_init(PG_FUNCTION_ARGS)
 		if (strcmp(defel->defname, "maxlen") == 0)
 		{
 			d->maxlen = atoi(defGetString(defel));
+
+			if (d->maxlen < 1)
+				ereport(ERROR,
+						(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+						 errmsg("maxlen value has to be >= 1")));
 		}
 		else if (strcmp(defel->defname, "rejectlong") == 0)
 		{
diff --git a/contrib/dict_int/expected/dict_int.out b/contrib/dict_int/expected/dict_int.out
@@ -300,3 +300,5 @@ select ts_lexize('intdict', '314532610153');
  {314532}
 (1 row)
 
+ALTER TEXT SEARCH DICTIONARY intdict (MAXLEN = -214783648);
+ERROR:  maxlen value has to be >= 1
diff --git a/contrib/dict_int/sql/dict_int.sql b/contrib/dict_int/sql/dict_int.sql
@@ -51,3 +51,5 @@ select ts_lexize('intdict', '252281774');
 select ts_lexize('intdict', '313425');
 select ts_lexize('intdict', '641439323669');
 select ts_lexize('intdict', '314532610153');
+
+ALTER TEXT SEARCH DICTIONARY intdict (MAXLEN = -214783648);

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,11 @@ dintdict_init(PG_FUNCTION_ARGS)`
`45`	`45`	`if (strcmp(defel->defname, "maxlen") == 0)`
`46`	`46`	`{`
`47`	`47`	`d->maxlen = atoi(defGetString(defel));`
	`48`	`+`
	`49`	`+ if (d->maxlen < 1)`
	`50`	`+ ereport(ERROR,`
	`51`	`+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`52`	`+ errmsg("maxlen value has to be >= 1")));`
`48`	`53`	`}`
`49`	`54`	`else if (strcmp(defel->defname, "rejectlong") == 0)`
`50`	`55`	`{`