upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-06-28 09:51:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
Base de données relationnelle
59988 commits 38 branches 685 tags 891 MiB
C 84.4%
PLpgSQL 6.2%
Perl 5%
Yacc 1.2%
Meson 0.7%
Other 2.4%
Find a file
Tom Lane ea5f0d176a Prevent some buffer overruns in spell.c's parsing of affix files. 
parse_affentry() and addCompoundAffixFlagValue() each collect fields
from an affix file into working buffers of size BUFSIZ.  They failed
to defend against overlength fields, so that a malicious affix file
could cause a stack smash.  BUFSIZ (typically 8K) is certainly way
longer than any reasonable affix field, but let's fix this while
we're closing holes in this area.

I chose to do this by silently truncating the input before it can
overrun the buffer, using logic comparable to the existing logic in
get_nextfield().  Certainly there's at least as good an argument for
raising an error, but for now let's follow the existing precedent.

Reported-by: Igor Stepansky <igor.stepansky@orca.security>
Author: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Andrey Borodin <x4mmm@yandex-team.ru>
Discussion: https://postgr.es/m/864123.1776810909@sss.pgh.pa.us
Backpatch-through: 14
2026-04-22 12:02:15 -04:00
config Allow PG_PRINTF_ATTRIBUTE to be different in C and C++ code. 2026-02-25 11:57:26 -05:00
contrib Avoid memory leak on error while parsing pg_stat_statements dump file 2026-03-27 12:21:38 +02:00
doc doc: Correct context description for some JIT support GUCs 2026-04-21 08:45:13 +09:00
src Prevent some buffer overruns in spell.c's parsing of affix files. 2026-04-22 12:02:15 -04:00
.abi-compliance-history Update .abi-compliance-history for change to enum ProcSignalReason 2026-04-16 23:48:41 +09:00
.cirrus.star ci: Simplify ci-os-only handling 2025-08-14 12:02:42 -04:00
.cirrus.tasks.yml Fix typo 2026-01-07 15:48:54 +01:00
.cirrus.yml ci: Per-repo configuration for manually trigger tasks 2025-08-14 11:33:47 -04:00
.dir-locals.el Make Emacs perl-mode indent more like perltidy. 2019-01-13 11:32:31 -08:00
.editorconfig Add .editorconfig 2019-12-18 09:13:13 +01:00
.git-blame-ignore-revs Add previous commit to .git-blame-ignore-revs. 2025-10-21 10:02:19 -05:00
.gitattributes Fix git whitespace warning 2025-08-15 10:32:07 +02:00
.gitignore Update top-level .gitignore. 2022-12-04 15:23:00 -05:00
aclocal.m4 autoconf: Move export_dynamic determination to configure 2022-12-06 18:55:28 -08:00
configure Allow PG_PRINTF_ATTRIBUTE to be different in C and C++ code. 2026-02-25 11:57:26 -05:00
configure.ac Allow PG_PRINTF_ATTRIBUTE to be different in C and C++ code. 2026-02-25 11:57:26 -05:00
COPYRIGHT Update copyright for 2026 2026-01-01 13:24:10 -05:00
GNUmakefile.in Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
HISTORY Canonicalize some URLs 2020-02-10 20:47:50 +01:00
Makefile Adapt REL_17_STABLE to its new status as a stable branch 2024-07-01 08:05:35 +09:00
meson.build Allow PG_PRINTF_ATTRIBUTE to be different in C and C++ code. 2026-02-25 11:57:26 -05:00
meson_options.txt Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
README.md Adapt REL_17_STABLE to its new status as a stable branch 2024-07-01 08:05:35 +09:00

README.md

PostgreSQL Database Management System

This directory contains the source code distribution of the PostgreSQL database management system.

PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. This distribution also contains C language bindings.

Copyright and license information can be found in the file COPYRIGHT.

General documentation about this version of PostgreSQL can be found at https://www.postgresql.org/docs/17/. In particular, information about building PostgreSQL from the source code can be found at https://www.postgresql.org/docs/17/installation.html.

The latest version of this software, and related software, may be obtained at https://www.postgresql.org/download/. For more information look at our web site located at https://www.postgresql.org/.