| From: | "Tristan Partin" <tristan(at)partin(dot)io> |
|---|---|
| To: | "Jeff Davis" <pgsql(at)j-davis(dot)com> |
| Cc: | "pgsql-hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: dict_synonym.c: fix truncation of multibyte sequence |
| Date: | 2026-06-05 15:57:53 |
| Message-ID: | DJ18MRKAVFG9.1X19THWF6N43F@partin.io |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu Jun 4, 2026 at 10:07 PM UTC, Jeff Davis wrote:
>
> If case_sensitive is false and str_tolower() changes the byte length of
> the string, then outlen will be incorrect.
>
> Fortunately, pnstrdup() also stops at a NUL terminator, so it will
> never overrun; but if outlen is calculated to be too small, then it
> could cause truncation. In any case, the input comes from a trusted
> source (dictionary configuration), so it's not very serious.
>
> The correct value of outlen is strlen(d->syn[cur].out). But it's only
> ever used in one place, which is a call to pnstrdup(). Given that the
> string is NUL-terminated anyway, it's easier to fix it by just changing
> that to a pstrdup(). Patch attached, backpatch all the way.
The fix looks and sounds good. Do we have any way to test this, so it
doesn't regress in the future? Do we need to export a module to test
through SQL?
--
Tristan Partin
PostgreSQL Contributors Team
AWS (https://aws.amazon.com)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tristan Partin | 2026-06-05 16:02:22 | Re: Add per-backend lock statistics |
| Previous Message | Nazir Bilal Yavuz | 2026-06-05 15:54:44 | Re: Heads Up: cirrus-ci is shutting down June 1st |