Bug #478: Integer overflow in pg_dump

Started by PostgreSQL Bugs List over 24 years ago, 3 messages, bugs

#1 PostgreSQL Bugs List
pgsql-bugs@postgresql.org

Premysl Maly (premek.maly@seznam.cz) reports a bug with a severity of 2
The lower the number the more severe it is.

Short Description
Integer overflow in pg_dump

Long Description
Talking about version pg_dump (7.1.3)

Well, it fails when dumping database indices (while dumping comments on indexes). I hacked the source code and found the select which failed. It is on line 3036 of file pg_dump.

The select looks like:

SELECT description FROM pg_description where oid = 4294958683

It always fails with: dtoi4: Integer out of range

I hacked the source, so now the searched oid is quoted:

SELECT description FROM pg_description where oid = '4294958683'

and the bug is gone. Please look at that in a new release. Large numbers should be quoted, otherwise they kill the SELECT query.

See you

Premek

Sample Code

in pg_dump source on lines 3036-7 should be:

appendPQExpBuffer(query, "SELECT description FROM pg_description where oid = '");
appendPQExpBuffer(query, oid);
appendPQExpBuffer(query, "'");

instead of

appendPQExpBuffer(query, "SELECT description FROM pg_description where oid = ");
appendPQExpBuffer(query, oid);

No file was uploaded with this report
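The failure mode above, as an added illustration that is not part of the report or of pg_dump's own code: PostgreSQL OIDs are unsigned 32-bit, so an OID above INT32_MAX written as a bare numeric literal is coerced through int4 and overflows, while the same value in a quoted literal is resolved as type oid. The `oid_fits_int4` and `description_query` helpers are hypothetical names for this demo, and the OID 4294958683 is the value from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PostgreSQL OIDs are unsigned 32-bit; the upper half of that range
 * has no representation as an int4 literal. */
typedef uint32_t Oid;

/* Returns 1 if the OID survives the int4 coercion an unquoted
 * numeric literal goes through; 0 means the unquoted form fails. */
int oid_fits_int4(Oid oid)
{
    return oid <= (Oid) INT32_MAX;
}

/* Build the pg_description lookup with the OID as a quoted literal so the
 * server types it as oid rather than as a number. The digits come from
 * snprintf("%u"), so no escaping is needed. Returns a static buffer. */
const char *description_query(Oid oid)
{
    static char query[96];

    snprintf(query, sizeof query,
             "SELECT description FROM pg_description where oid = '%u'",
             (unsigned int) oid);
    return query;
}

int main(void)
{
    Oid reported = 4294958683u;   /* constructed from the OID in the report */

    printf("fits int4: %d\n", oid_fits_int4(reported));
    puts(description_query(reported));
    return 0;
}
```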

#2 Bruce Momjian
bruce@momjian.us
In reply to: PostgreSQL Bugs List (#1)
Re: Bug #478: Integer overflow in pg_dump

Would someone comment on this?


-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
#3 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Bruce Momjian (#2)
Re: Bug #478: Integer overflow in pg_dump

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Would someone comment on this?

AFAIK this is fixed in current sources.

regards, tom lane