sql: check printf() for failure
This patch adds a check that sqlXPrintf() does not fail in the built-in SQL function printf(). There are two possible problems: the result might get too large, or there might be an integer overflow because internally int values are converted to size_t.

Closes #tarantool/security#122

NO_DOC=bugfix

(cherry picked from commit 13159230)
Showing
- changelogs/unreleased/ghs-122-allocations-in-printf.md (4 additions, 0 deletions)
- src/box/sql/func.c (6 additions, 0 deletions)
- src/box/sql/printf.c (4 additions, 2 deletions)
- test/sql-luatest/ghs_122_allocations_in_printf_test.lua (27 additions, 0 deletions)
- test/sql-luatest/suite.ini (1 addition, 1 deletion)