| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrey Borodin <x4mmm(at)yandex-team(dot)ru> |
| Cc: | PostgreSQL mailing lists <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Potential buffer overrun in spell.c's CheckAffix() |
| Date: | 2026-04-22 14:50:09 |
| Message-ID: | 1024190.1776869409@sss.pgh.pa.us |
| Lists: | pgsql-bugs |

I wrote:
> I suppose we could replace the strcpy with
> memcpy(newword, word, len - Affix->replen);
> and then we would not need the "len >= 2 * MAXNORMLEN" test
> and both paths could share the same check. There's something
> to be said for that, though it would be changing the logic to
> a greater extent than just "add some safety checks".

Concretely, about like this, where I also tried to make the actual
byte-copying steps a bit more uniform.

regards, tom lane

| Attachment | Content-Type | Size |
|---|---|---|
| v2-0001-Prevent-buffer-overrun-in-spell.c-s-CheckAffix.patch | text/x-diff | 4.0 KB |
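
The idea discussed in this message, as an added C sketch that is neither the attached patch nor PostgreSQL code: copy only the bytes of the word that survive affix stripping, so that one result-length check covers both the suffix and the prefix path. The function `apply_affix`, its parameters and the `BUF_CAP` size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 16   /* hypothetical output buffer size, kept small on purpose */

/*
 * Build "kept part of word + find" (suffix) or "find + kept part of word"
 * (prefix) in newword[BUF_CAP]. replen is the number of bytes the affix
 * strips from word. Returns the result length, or -1 if it cannot be built.
 */
static int
apply_affix(char *newword, const char *word, size_t len,
            const char *find, size_t replen, int is_suffix)
{
    size_t findlen = strlen(find);
    size_t keep;

    /* Shared check 1: cannot strip more bytes than the word has. */
    if (replen > len)
        return -1;
    keep = len - replen;

    /* Shared check 2: the result plus its terminator must fit the buffer. */
    if (keep + findlen >= BUF_CAP)
        return -1;

    if (is_suffix)
    {
        memcpy(newword, word, keep);    /* kept prefix only, never the whole word */
        memcpy(newword + keep, find, findlen);
    }
    else
    {
        memcpy(newword, find, findlen);
        memcpy(newword + findlen, word + replen, keep);
    }
    newword[keep + findlen] = '\0';
    return (int) (keep + findlen);
}

int main(void)
{
    char buf[BUF_CAP];
    /* constructed sample: a 20-byte word, longer than the buffer, is still safe */
    int n = apply_affix(buf, "abcdefghijklmnopqrst", 20, "y", 10, 1);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : buf);
    return 0;
}
```

Because the whole word is never copied, an input longer than the buffer is acceptable as long as the stripped result fits, which is why no separate test on the input length is needed in this sketch.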