postgresql/src/common
Noah Misch 44ba3f55f5 With GB18030, prevent SIGSEGV from reading past end of allocation.
With GB18030 as source encoding, applications could crash the server via
SQL functions convert() or convert_from().  Applications themselves
could crash after passing unterminated GB18030 input to libpq functions
PQescapeLiteral(), PQescapeIdentifier(), PQescapeStringConn(), or
PQescapeString().  Extension code could crash by passing unterminated
GB18030 input to jsonapi.h functions.  All those functions have been
intended to handle untrusted, unterminated input safely.

A crash required allocating the input such that the last byte of the
allocation was the last byte of a virtual memory page.  Some malloc()
implementations take measures against that, making the SIGSEGV hard to
reach.  Back-patch to v13 (all supported versions).

Author: Noah Misch <noah@leadboat.com>
Author: Andres Freund <andres@anarazel.de>
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Backpatch-through: 13
Security: CVE-2025-4207
2025-05-05 04:52:08 -07:00
unicode Make update-unicode target work in vpath builds 2022-03-25 09:47:50 +01:00
.gitignore Replace the data structure used for keyword lookup. 2019-01-06 17:02:57 -05:00
archive.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
base64.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
checksum_helper.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
compression.c Message style improvements 2022-09-24 18:38:35 -04:00
config_info.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
controldata_utils.c Try to handle torn reads of pg_control in frontend. 2023-10-16 17:23:02 +13:00
cryptohash.c Fix comment related to pg_cryptohash_error() 2022-01-12 12:39:36 +09:00
cryptohash_openssl.c Pre-beta mechanical code beautification. 2022-05-12 15:17:30 -04:00
d2s.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
d2s_full_table.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
d2s_intrinsics.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
digit_table.h Change floating-point output format for improved performance. 2019-02-13 15:20:33 +00:00
encnames.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
exec.c Pre-beta mechanical code beautification. 2022-05-12 15:17:30 -04:00
f2s.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
fe_memutils.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
file_perm.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
file_utils.c Replace pgwin32_is_junction() with lstat(). 2024-11-08 09:29:40 +10:30
hashfn.c Use bitwise rotate functions in more places 2022-02-20 13:22:08 +07:00
hmac.c Improve error handling of HMAC computations 2022-01-13 16:17:21 +09:00
hmac_openssl.c Clear the OpenSSL error queue before cryptohash operations 2022-05-06 14:41:31 +02:00
ip.c Suppress integer-overflow compiler warning for inconsistent sun_len. 2022-02-14 11:25:46 -05:00
jsonapi.c With GB18030, prevent SIGSEGV from reading past end of allocation. 2025-05-05 04:52:08 -07:00
keywords.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
kwlookup.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
link-canary.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
logging.c logging: Also add the command prefix to detail and hint messages 2022-05-30 07:26:06 +02:00
Makefile Rename backup_compression.{c,h} to compression.{c,h} 2022-04-12 13:38:54 +09:00
md5.c Make fallback MD5 implementation thread-safe on big-endian systems 2024-08-07 10:44:10 +03:00
md5_common.c Add missing error handling in pg_md5_hash(). 2022-04-18 20:04:55 -04:00
md5_int.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
pg_get_line.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
pg_lzcompress.c Improve pglz_decompress's defenses against corrupt compressed data. 2023-10-18 20:43:17 -04:00
pg_prng.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
pgfnames.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
protocol_openssl.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
psprintf.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
relpath.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
restricted_token.c Improve frontend error logging style. 2022-04-08 14:55:14 -04:00
rmtree.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
ryu_common.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
saslprep.c Guard against enormously long input in pg_saslprep(). 2024-10-28 14:33:55 -04:00
scram-common.c Improve error handling of HMAC computations 2022-01-13 16:17:21 +09:00
sha1.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
sha1_int.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
sha2.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
sha2_int.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
sprompt.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
string.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
stringinfo.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
unicode_norm.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
username.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
wait_error.c Update copyright for 2022 2022-01-07 19:04:57 -05:00
wchar.c With GB18030, prevent SIGSEGV from reading past end of allocation. 2025-05-05 04:52:08 -07:00