Hi all,
pg_utf8_string_len() doesn't check the remaining string length before
calling pg_utf8_is_legal(), so there's a possibility of jumping a
couple of bytes past the end of the string. (The overread stops there,
because the function won't validate a sequence containing a null
byte.)
Here's a quick patch to fix it. I didn't see any other uses of
pg_utf8_is_legal() with missing length checks.
Thanks,
--Jacob