Commit e0c3d51

pg_freespacemap: Fix declaration of pg_freespace(regclass)
This function called generate_series() without enforcing its input argument types, making it possible for an attacker to catch this call, by defining for example a generate_series(int,bigint). The internals of pg_freespace(regclass) are changed to force the use of bigint for the inputs of generate_series(). A more consistent style is applied for all its hardcoded values, while on it.

Issue introduced in 3f323eb.

Reported-by: Noah Misch
Reviewed-by: Noah Misch
Discussion: https://postgr.es/m/20250106190428.ec.nmisch@google.com
1 parent 3f48294 commit e0c3d51

1 file changed: +1 -1 lines changed

contrib/pg_freespacemap/pg_freespacemap--1.2--1.3.sql

Lines changed: 1 addition & 1 deletion
@@ -9,5 +9,5 @@ RETURNS SETOF RECORD
99
LANGUAGE SQL PARALLEL SAFE
1010
BEGIN ATOMIC
1111
SELECT blkno, pg_freespace($1, blkno) AS avail
12-
FROM generate_series(0, pg_relation_size($1) / current_setting('block_size')::bigint - 1) AS blkno;
12+
FROM generate_series('0'::bigint, pg_relation_size($1) / current_setting('block_size'::text)::bigint - '1'::bigint) AS blkno;
1313
END;
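
Review bot: the `+` line carries no comment explaining why the literals are written as `'0'::bigint` and `'1'::bigint`, so a later tidy-up could restore the bare `0` and `- 1` and bring back the inexact argument match that allowed a user-defined generate_series(int,bigint) to be picked. Add a one-line comment above the SELECT stating that both arguments must be bigint so the call exactly matches generate_series(bigint, bigint). The calls to generate_series(), pg_relation_size() and current_setting() also remain unqualified in this body; either note in that comment that this is intentional or qualify them with pg_catalog. Since the change touches only this script, a regression check that the stored function body keeps the bigint casts would catch an accidental revert.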
