upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-05-26 03:11:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Michael Paquier 62ad262661 Fix overflows with ts_headline() 
The options "StartSel", "StopSel" and "FragmentDelimiter" given by a
caller of the SQL function ts_headline() have their lengths stored as
int16.  When providing values larger than PG_INT16_MAX, it was possible
to overflow the length values stored, leading to incorrect behaviors in
generateHeadline(), in most cases translating to a crash.

Attempting to use values for these options larger than PG_INT16_MAX is
now blocked.  Some test cases are added to cover our tracks.

Reported-by: Xint Code
Author: Michael Paquier <michael@paquier.xyz>
Backpatch-through: 14
Security: CVE-2026-6473
2026-05-11 05:13:47 -07:00
..
backend Fix overflows with ts_headline() 2026-05-11 05:13:47 -07:00
bin Translation updates 2026-05-11 13:03:08 +02:00
common Fix callers of unicode_strtitle() using srclen == -1. 2026-04-20 14:45:44 -07:00
fe_utils Harden astreamer tar parsing logic against archives it can't handle. 2026-04-02 12:20:26 -04:00
include Add missing guard for __builtin_constant_p 2026-05-05 18:51:27 +07:00
interfaces Translation updates 2026-05-11 13:03:08 +02:00
makefiles pgxs.mk: remove unreachable rule for deleting regress.def. 2025-06-20 12:12:29 -04:00
pl Make plpgsql_trap test more robust and less resource-intensive. 2026-04-21 10:54:39 -04:00
port Suppress "has no symbols" linker warnings on macOS. 2026-04-29 12:25:09 -05:00
template thread-safety: gmtime_r(), localtime_r() 2024-08-23 07:43:04 +02:00
test Fix overflows with ts_headline() 2026-05-11 05:13:47 -07:00
timezone Update time zone data files to tzdata release 2026b. 2026-04-24 12:28:35 -04:00
tools Consider opfamily and collation when removing redundant GROUP BY columns 2026-05-08 12:47:26 +09:00
tutorial Doc: simplify the tutorial's window-function examples. 2025-01-21 14:43:21 -05:00
.gitignore
DEVELOPERS
Makefile Remove distprep 2023-11-06 15:18:04 +01:00
Makefile.global.in Don't put library-supplied -L/-I switches before user-supplied ones. 2025-07-29 15:17:40 -04:00
Makefile.shlib Use exported symbols list on macOS for loadable modules as well 2025-06-10 07:04:43 +02:00
meson.build Update copyright for 2025 2025-01-01 11:21:55 -05:00
nls-global.mk Fix update-po for the PGXS case 2025-10-16 20:21:05 +02:00