| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Michael Fuhr <mike(at)fuhr(dot)org> |
| Cc: | James Russell <internationalhobo(at)gmail(dot)com>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #2895: Private Use Unicode character crashes server when using ILIKE |
| Date: | 2007-01-24 03:35:59 |
| Message-ID: | 9448.1169609759@sss.pgh.pa.us |
| Lists: | pgsql-bugs |

I wrote:
> I'm surprised we've not seen reports of other problems. The lack of
> crash in 8.2 is because iwchareq went away completely, but that's
> certainly not the only place doing conversions to pg_wchar and expecting
> the result to fit in a prespecified buffer ...

Actually, it looks like all the other places that use mb2wchar allocate
a buffer with more pg_wchar's than there are bytes in the input, and so
overrun is impossible even with the breakage in pg_utf2wchar_with_len.
The only exception I see in CVS HEAD is sqlchar_to_unicode() in xml.c,
which is new code as of 8.3devel anyway. So we don't appear to have
a serious security issue as I first feared --- the worst that can
happen is a crash like this when iwchareq's return address is
overwritten with a zero, and even that is only in pre-8.2.

Nonetheless, the code is certainly giving wrong answers for 4-byte
characters. Will go fix...

regards, tom lane
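
The sizing rule in the message above (an output buffer with more pg_wchar slots than input bytes cannot be overrun), as an added example that is not part of the original message or of the PostgreSQL source. `utf8_to_wchar_bounded`, `sample`, `decoded` and `decode_sample` are hypothetical names, the U+F0000 input is constructed, and the decoder also checks capacity explicitly so a fixed-size caller fails cleanly instead of relying on the rule.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not pg_utf2wchar_with_len): decode len bytes of UTF-8
 * into dst, which holds dst_cap entries including the 0 terminator.
 * Returns the number of code points written, or -1 if dst is too small.
 * Malformed or truncated sequences are passed through one byte at a time. */
static int utf8_to_wchar_bounded(const unsigned char *src, size_t len,
                                 uint32_t *dst, size_t dst_cap)
{
    size_t n = 0;
    if (dst_cap == 0) return -1;
    while (len > 0) {
        size_t need = 1;
        uint32_t cp = *src;
        if ((*src & 0xE0) == 0xC0)      { need = 2; cp = *src & 0x1F; }
        else if ((*src & 0xF0) == 0xE0) { need = 3; cp = *src & 0x0F; }
        else if ((*src & 0xF8) == 0xF0) { need = 4; cp = *src & 0x07; }
        if (need > len) { need = 1; cp = *src; }      /* truncated tail */
        for (size_t i = 1; i < need; i++) {
            if ((src[i] & 0xC0) != 0x80) { need = 1; cp = *src; break; }
            cp = (cp << 6) | (src[i] & 0x3F);
        }
        if (n + 1 >= dst_cap) return -1;   /* refuse instead of overrunning */
        dst[n++] = cp;                     /* each code point consumes >= 1 byte */
        src += need;
        len -= need;
    }
    dst[n] = 0;
    return (int) n;
}

/* Constructed sample: 'a', U+F0000 (4-byte private-use character), 'b'. */
static const unsigned char sample[] = { 'a', 0xF3, 0xB0, 0x80, 0x80, 'b' };
static uint32_t decoded[16];

/* Decode the sample into decoded[] using at most cap (<= 16) entries. */
static int decode_sample(size_t cap)
{
    return utf8_to_wchar_bounded(sample, sizeof sample, decoded, cap > 16 ? 16 : cap);
}

int main(void)
{
    int n = decode_sample(sizeof sample + 1);   /* input bytes + 1 always fits */
    printf("%d code points, second is U+%X\n", n, (unsigned) decoded[1]);
    return 0;
}
```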