mirror of
https://github.com/postgres/postgres.git
synced 2026-04-22 06:37:06 -04:00
d837fb0292
A corrupted string could cause code that iterates with pg_mblen() to overrun its buffer. Fix, by converting all callers to one of the following: 1. Callers with a null-terminated string now use pg_mblen_cstr(), which raises an "illegal byte sequence" error if it finds a terminator in the middle of the sequence. 2. Callers with a length or end pointer now use either pg_mblen_with_len() or pg_mblen_range(), for the same effect, depending on which of the two seems more convenient at each site. 3. A small number of cases pre-validate a string, and can use pg_mblen_unbounded(). The traditional pg_mblen() function and COPYCHAR macro still exist for backward compatibility, but are no longer used by core code and are hereby deprecated. The same applies to the t_isXXX() functions. Security: CVE-2026-2006 Backpatch-through: 14 Co-authored-by: Thomas Munro <thomas.munro@gmail.com> Co-authored-by: Noah Misch <noah@leadboat.com> Reviewed-by: Heikki Linnakangas <hlinnaka@iki.fi> Reported-by: Paul Gerste (as part of zeroday.cloud) Reported-by: Moritz Sanft (as part of zeroday.cloud) |
||
|---|---|---|
| .. | ||
| data | ||
| expected | ||
| sql | ||
| .gitignore | ||
| hstore--1.1--1.2.sql | ||
| hstore--1.2--1.3.sql | ||
| hstore--1.3--1.4.sql | ||
| hstore--1.4--1.5.sql | ||
| hstore--1.4.sql | ||
| hstore--1.5--1.6.sql | ||
| hstore--1.6--1.7.sql | ||
| hstore--1.7--1.8.sql | ||
| hstore.control | ||
| hstore.h | ||
| hstore_compat.c | ||
| hstore_gin.c | ||
| hstore_gist.c | ||
| hstore_io.c | ||
| hstore_op.c | ||
| hstore_subs.c | ||
| Makefile | ||
| meson.build | ||