+ Prevent integer overflows in array subscripting calculations
+ (Tom Lane)
+
+
+ The array code previously did not complain about cases where an
+ array's lower bound plus length overflows an integer. This resulted
+ in later entries in the array becoming inaccessible (since their
+ subscripts could not be written as integers), but more importantly
+ it confused subsequent assignment operations. This could lead to
+ memory overwrites, with ensuing crashes or unwanted data
+ modifications.
+ (CVE-2021-32027)
+
+
+
+
+
+ Fix mishandling of junk
columns in INSERT
+ ... ON CONFLICT ... UPDATE target lists (Tom Lane)
+
+
+ If the UPDATE list contains any multi-column
+ sub-selects (which give rise to junk columns in addition to the
+ results proper), the UPDATE path would end up
+ storing tuples that include the values of the extra junk columns.
+ That's fairly harmless in the short run, but if new columns are
+ added to the table then the values would become accessible, possibly
+ leading to malfunctions if they don't match the datatypes of the
+ added columns.
+
+
+ In addition, in versions supporting cross-partition updates,
+ a cross-partition update triggered by such a case had the reverse
+ problem: the junk columns were removed from the target list,
+ typically causing an immediate crash due to malfunction of the
+ multi-column sub-select mechanism.
+ (CVE-2021-32028)
+
+
+
+
+
Reduce the overhead of dtrace probes for LWLock operations, when
projects / postgresql.git / commitdiff