postgresql/src/backend
Noah Misch 627acc3caa With GB18030, prevent SIGSEGV from reading past end of allocation.
With GB18030 as source encoding, applications could crash the server via
SQL functions convert() or convert_from().  Applications themselves
could crash after passing unterminated GB18030 input to libpq functions
PQescapeLiteral(), PQescapeIdentifier(), PQescapeStringConn(), or
PQescapeString().  Extension code could crash by passing unterminated
GB18030 input to jsonapi.h functions.  All those functions have been
intended to handle untrusted, unterminated input safely.

A crash required allocating the input such that the last byte of the
allocation was the last byte of a virtual memory page.  Some malloc()
implementations take measures against that, making the SIGSEGV hard to
reach.  Back-patch to v13 (all supported versions).

Author: Noah Misch <noah@leadboat.com>
Author: Andres Freund <andres@anarazel.de>
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Backpatch-through: 13
Security: CVE-2025-4207
2025-05-05 04:52:04 -07:00
access Avoid treating nonrequired nbtree keys as required. 2025-05-02 17:50:58 -04:00
archive Update copyright for 2025 2025-01-01 11:21:55 -05:00
backup Use XLOG_CONTROL_FILE macro consistently for control file name. 2025-04-07 09:27:33 +09:00
bootstrap Remove unnecessary (char *) casts [mem] 2025-02-12 08:50:13 +01:00
catalog Change the names generated for child foreign key constraints. 2025-04-23 12:03:02 -04:00
commands Handle self-referencing FKs correctly in partitioned tables 2025-05-02 21:25:50 +02:00
executor Don't use a tuplestore if we don't have to for SQL-language functions. 2025-05-02 16:16:20 -04:00
foreign Update copyright for 2025 2025-01-01 11:21:55 -05:00
jit Don't use double-quotes in #include's of system headers, redux. 2025-04-27 13:23:19 -04:00
lib Update copyright for 2025 2025-01-01 11:21:55 -05:00
libpq Modularize log_connections output 2025-03-12 11:35:21 -04:00
main Use thread-safe strftime_l() instead of strftime(). 2025-03-28 07:13:43 +01:00
nodes gen_node_support.pl: improve error message for unclosed struct. 2025-04-22 13:56:31 -04:00
optimizer Revert "Refactor ChangeVarNodesExtended() using the custom callback" 2025-05-03 22:42:05 +03:00
parser Allow NOT NULL constraints to be added as NOT VALID 2025-04-07 19:19:50 +02:00
partitioning Fix bug in cbc127917 to handle nested Append correctly 2025-02-25 09:24:42 +09:00
po Translation updates 2025-05-05 12:04:49 +02:00
port Give up on running with NetBSD/OpenBSD's default semaphore settings. 2025-04-29 17:27:52 -04:00
postmaster Fix typos and grammar in the code 2025-04-19 19:17:42 +09:00
regex Another unintentional behavior change in commit e9931bfb75. 2025-04-16 16:49:42 -07:00
replication Fix assertion failure during decoding from synced slots. 2025-04-29 12:52:05 +05:30
rewrite Revert "Refactor ChangeVarNodesExtended() using the custom callback" 2025-05-03 22:42:05 +03:00
snowball Use PG_MODULE_MAGIC_EXT in our installable shared libraries. 2025-03-26 11:11:02 -04:00
statistics Fix recently introduced typos 2025-04-11 22:17:12 +02:00
storage Don't use double-quotes in #include's of system headers, redux. 2025-04-27 13:23:19 -04:00
tcop Add function to get memory context stats for processes 2025-04-08 11:06:56 +02:00
tsearch Clear errno before calling strtol() in spell.c. 2025-03-08 11:24:25 -05:00
utils With GB18030, prevent SIGSEGV from reading past end of allocation. 2025-05-05 04:52:04 -07:00
.gitignore Add .gitignore entries for AIX-specific intermediate build artifacts. 2015-07-08 20:44:22 -04:00
common.mk Blind attempt to fix LLVM dependency in the backend 2022-09-15 10:53:48 +07:00
Makefile aio: Add liburing dependency 2025-03-26 19:45:32 -04:00
meson.build Update copyright for 2025 2025-01-01 11:21:55 -05:00
nls.mk Return yyparse() result not via global variable 2025-01-24 06:55:39 +01:00