pgsql: xml2: Fix failure with xslt_process() under -fsanitize=undefined

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: pgsql: xml2: Fix failure with xslt_process() under -fsanitize=undefined
Date: 2026-03-13 07:07:37
Message-ID: E1w0wcT-003jQY-0W@gemulon.postgresql.org
Lists: pgsql-committers

xml2: Fix failure with xslt_process() under -fsanitize=undefined

The logic of xslt_process() has never considered the fact that
xsltSaveResultToString() would return NULL for an empty string (the
upstream code has always done so, with a string length of 0). This
would cause memcpy() to be called with a NULL pointer, something
forbidden by POSIX.

Like 46ab07ffda9d and similar fixes, this is backpatched down to all the
supported branches, with a test case to cover this scenario. An empty
string has always been returned in xml2 in this case, based on the
history of the module, so this is an old issue.

Reported-by: Alexander Lakhin <exclusion(at)gmail(dot)com>
Discussion: https://postgr.es/m/c516a0d9-4406-47e3-9087-5ca5176ebcf9@gmail.com
Backpatch-through: 14

Branch
------
REL_18_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/e33a4fda00279ebf68f3ce635fbffa2e1a5db670

Modified Files
--------------
contrib/xml2/expected/xml2.out | 10 ++++++++++
contrib/xml2/expected/xml2_1.out | 6 ++++++
contrib/xml2/sql/xml2.sql | 6 ++++++
contrib/xml2/xslt_proc.c | 9 ++++++++-
4 files changed, 30 insertions(+), 1 deletion(-)
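
The failure mode described in the commit message, as an added example that is not the code from this commit or from PostgreSQL: a serializer reports an empty result as a NULL pointer with length 0, and the caller must not pass that pointer to memcpy(). The names lp_text, save_result, result_to_text and process are hypothetical stand-ins; save_result only imitates the NULL-on-empty behaviour the message attributes to xsltSaveResultToString().

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-prefixed buffer standing in for a text datum. */
typedef struct { size_t len; char data[]; } lp_text;

/*
 * Hypothetical stand-in for the serializer: on an empty result it succeeds
 * but sets *out = NULL and *len = 0, as the commit message describes.
 */
static int save_result(const char *rendered, unsigned char **out, int *len)
{
    size_t n = strlen(rendered);
    *len = (int) n;
    *out = NULL;
    if (n == 0)
        return 0;               /* success, but no buffer is allocated */
    *out = malloc(n);
    if (*out == NULL)
        return -1;
    memcpy(*out, rendered, n);
    return 0;
}

/* Build the length-prefixed value without ever giving memcpy() a NULL source. */
lp_text *result_to_text(const unsigned char *src, int len)
{
    if (len < 0 || (src == NULL && len > 0))
        return NULL;            /* inconsistent pointer/length pair */
    lp_text *t = malloc(sizeof(lp_text) + (size_t) len);
    if (t == NULL)
        return NULL;
    t->len = (size_t) len;
    if (len > 0)                /* the guard: no copy for the empty result */
        memcpy(t->data, src, (size_t) len);
    return t;
}

/* Serialize, then convert; an empty result becomes an empty value, not NULL. */
lp_text *process(const char *rendered)
{
    unsigned char *buf;
    int len;
    if (save_result(rendered, &buf, &len) != 0)
        return NULL;
    lp_text *t = result_to_text(buf, len);
    free(buf);                  /* free(NULL) is a no-op */
    return t;
}
```

Building the unguarded variant with -fsanitize=undefined is what surfaces the NULL argument at run time; with the guard, the empty case still returns an empty string to the caller.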
