| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Fix small overread during SASLprep |
| Date: | 2024-09-09 18:30:07 |
| Message-ID: | 778CDD92-8196-4EDA-A0F9-F783DEFBBD92@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 9 Sep 2024, at 17:29, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:
> pg_utf8_string_len() doesn't check the remaining string length before
> calling pg_utf8_is_legal(), so there's a possibility of jumping a
> couple of bytes past the end of the string. (The overread stops there,
> because the function won't validate a sequence containing a null
> byte.)
>
> Here's a quick patch to fix it. I didn't see any other uses of
> pg_utf8_is_legal() with missing length checks.
Just to make sure I understand, this is for guarding against overreads in
validation of strings containing torn MB characters? Assuming I didn't
misunderstand you this patch seems correct to me.
--
Daniel Gustafsson
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-09-09 18:35:33 | Re: pgstattuple: fix free space calculation |
| Previous Message | Chapman Flack | 2024-09-09 18:05:41 | Re: access numeric data in module |