| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Dmitry Koval <d(dot)koval(at)postgrespro(dot)ru> |
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #18274: Error 'invalid XML content' |
| Date: | 2024-01-25 04:37:22 |
| Message-ID: | ZbHlgrPLtBZyr_QW@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Wed, Jan 17, 2024 at 08:59:26AM +0900, Michael Paquier wrote:
> This one had better be done first because it is required by your
> original issue, and that's what could make the buildfarm shaky.
>
> I have checked the other XML calls in the tree and did not spot
> anything else that ought to be changed, so I have extracted this stuff
> from your v2 and applied it on HEAD. Let's see how it goes.
The security team has discussed 2197d06224a1 after a report from
coverity regarding the effects that issues like [1] would create in
the backend, and concluded that this patch should be reverted because
this could cause the backend to waste plently of CPU and/or memory
even if the application applied checks on the size of the data given
in input, and libxml2 does not offer guarantees that input limits are
respected under XML_PARSE_HUGE.
So I am planning to do do so in the next 24 hours. Note that this
does not impact 65c5864d7fac, as XML_PARSE_NOENT is an immediate
substitute of xmlSubstituteEntitiesDefault().
[1]: https://en.wikipedia.org/wiki/Billion_laughs_attack
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jason ChenTJ (CN) | 2024-01-25 04:55:59 | 回复: [External]Re: BUG #18308: SQL query information_schema metadata got error: server process was terminated by signal 11: Segment |
| Previous Message | Jason ChenTJ (CN) | 2024-01-25 04:01:03 | 回复: [External]Re: BUG #18308: SQL query information_schema metadata got error: server process was terminated by signal 11: Segment |