| From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | dict_synonym.c: fix truncation of multibyte sequence |
| Date: | 2026-06-04 22:07:25 |
| Message-ID: | 1101e1a3afbbabb503317069c40374b82e6f4cac.camel@j-davis.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
If case_sensitive is false and str_tolower() changes the byte length of
the string, then outlen will be incorrect.
Fortunately, pnstrdup() also stops at a NUL terminator, so it will
never overrun; but if outlen is calculated to be too small, then it
could cause truncation. In any case, the input comes from a trusted
source (dictionary configuration), so it's not very serious.
The correct value of outlen is strlen(d->syn[cur].out). But it's only
ever used in one place, which is a call to pnstrdup(). Given that the
string is NUL-terminated anyway, it's easier to fix it by just changing
that to a pstrdup(). Patch attached, backpatch all the way.
Regards,
Jeff Davis
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-dict_synonym.c-remove-incorrect-outlen.patch | text/x-patch | 1.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chao Li | 2026-06-04 22:21:07 | Re: Fix OAuth validator docs for error_detail on internal errors |
| Previous Message | Tristan Partin | 2026-06-04 21:32:39 | Re: Add per-backend lock statistics |