upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-03-27 12:54:24 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src/common
History
Noah Misch d1264948fc With GB18030, prevent SIGSEGV from reading past end of allocation. 
With GB18030 as source encoding, applications could crash the server via
SQL functions convert() or convert_from().  Applications themselves
could crash after passing unterminated GB18030 input to libpq functions
PQescapeLiteral(), PQescapeIdentifier(), PQescapeStringConn(), or
PQescapeString().  Extension code could crash by passing unterminated
GB18030 input to jsonapi.h functions.  All those functions have been
intended to handle untrusted, unterminated input safely.

A crash required allocating the input such that the last byte of the
allocation was the last byte of a virtual memory page.  Some malloc()
implementations take measures against that, making the SIGSEGV hard to
reach.  Back-patch to v13 (all supported versions).

Author: Noah Misch <noah@leadboat.com>
Author: Andres Freund <andres@anarazel.de>
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Backpatch-through: 13
Security: CVE-2025-4207
2025-05-05 04:52:07 -07:00
..
unicode meson: Add dependencies to perl modules to various script invocations 2023-06-09 20:12:16 -07:00
.gitignore Replace the data structure used for keyword lookup. 2019-01-06 17:02:57 -05:00
archive.c Revert refactoring of restore command code to shell_restore.c 2023-02-06 08:28:42 +09:00
base64.c Fix small overestimation of base64 encoding output length. 2023-06-08 11:24:31 -04:00
checksum_helper.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
compression.c Message style improvements 2023-05-19 18:45:29 +02:00
config_info.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
controldata_utils.c Try to handle torn reads of pg_control in frontend. 2023-10-16 17:21:41 +13:00
cryptohash.c Improve/correct comments 2023-03-09 09:59:46 +01:00
cryptohash_openssl.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
d2s.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
d2s_full_table.h Update copyright for 2023 2023-01-02 15:00:37 -05:00
d2s_intrinsics.h Update copyright for 2023 2023-01-02 15:00:37 -05:00
digit_table.h Change floating-point output format for improved performance. 2019-02-13 15:20:33 +00:00
encnames.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
exec.c Implement find_my_exec()'s path normalization using realpath(3). 2023-03-23 18:17:49 -04:00
f2s.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
fe_memutils.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
file_perm.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
file_utils.c Introduce PG_IO_ALIGN_SIZE and align all I/O buffers. 2023-04-08 16:34:50 +12:00
hashfn.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
hmac.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
hmac_openssl.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
ip.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
jsonapi.c With GB18030, prevent SIGSEGV from reading past end of allocation. 2025-05-05 04:52:07 -07:00
keywords.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
kwlookup.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
link-canary.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
logging.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
Makefile Revert refactoring of restore command code to shell_restore.c 2023-02-06 08:28:42 +09:00
md5.c Make fallback MD5 implementation thread-safe on big-endian systems 2024-08-07 10:44:05 +03:00
md5_common.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
md5_int.h Update copyright for 2023 2023-01-02 15:00:37 -05:00
meson.build meson: Export all libcommon functions in Windows builds 2024-12-25 18:14:30 +02:00
percentrepl.c Fix error message wordings 2023-05-17 21:33:47 +02:00
pg_get_line.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
pg_lzcompress.c Improve pglz_decompress's defenses against corrupt compressed data. 2023-10-18 20:43:17 -04:00
pg_prng.c Invent random_normal() to provide normally-distributed random numbers. 2023-01-09 12:44:00 -05:00
pgfnames.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
protocol_openssl.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
psprintf.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
relpath.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
restricted_token.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
rmtree.c Message style improvements 2023-05-19 18:45:29 +02:00
ryu_common.h Update copyright for 2023 2023-01-02 15:00:37 -05:00
saslprep.c Guard against enormously long input in pg_saslprep(). 2024-10-28 14:33:55 -04:00
scram-common.c Fix integer-overflow problem in scram_SaltedPassword() 2025-03-26 17:51:44 +09:00
sha1.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
sha1_int.h Update copyright for 2023 2023-01-02 15:00:37 -05:00
sha2.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
sha2_int.h Update copyright for 2023 2023-01-02 15:00:37 -05:00
sprompt.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
string.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
stringinfo.c Use appendStringInfoSpaces in more places 2023-01-20 13:07:24 +13:00
unicode_norm.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
username.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
wait_error.c Add SHELL_ERROR and SHELL_EXIT_CODE magic variables to psql. 2023-03-21 13:03:56 -04:00
wchar.c With GB18030, prevent SIGSEGV from reading past end of allocation. 2025-05-05 04:52:07 -07:00