| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix incremental JSON parser numeric token reassembly across chun |
| Date: | 2026-04-10 14:21:48 |
| Message-ID: | E1wBCk0-000JOZ-0i@gemulon.postgresql.org |
| Lists: | pgsql-committers |

Fix incremental JSON parser numeric token reassembly across chunks.

When the incremental JSON parser splits a numeric token across chunk
boundaries, it accumulates continuation characters into the partial
token buffer. The accumulator's switch statement unconditionally
accepted '+', '-', '.', 'e', and 'E' as valid numeric continuations
regardless of position, which violated JSON number grammar
(-? int [frac] [exp]). For example, input "4-" fed in single-byte
chunks would accumulate the '-' into the numeric token, producing an
invalid token that later triggered an assertion failure during
re-lexing.

Fix by tracking parser state (seen_dot, seen_exp, prev character)
across the existing partial token and incoming bytes, so that each
character class is accepted only in its grammatically valid position.

Backpatch-through: 17

Branch
------
REL_18_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/3e4955630292a7eb38f5fb3c6c5685623088ffd1

Modified Files
--------------
src/common/jsonapi.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 55 insertions(+), 6 deletions(-)
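
The position-aware acceptance described in the commit message, as an added sketch that is not the code from jsonapi.c: `NumState`, `num_accept` and `num_prefix_len` are hypothetical names, and each chunk is assumed to be a single byte. The sketch only decides where '+', '-', '.', 'e' and 'E' may appear; it does not check leading zeros or whether the finished token is complete.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical state carried across chunks for one partial numeric token. */
typedef struct NumState
{
    bool seen_dot;  /* '.' already accepted */
    bool seen_exp;  /* 'e' or 'E' already accepted */
    char prev;      /* last accepted byte, 0 while the token is empty */
} NumState;

/* Accept c only where -? int [frac] [exp] allows it after the bytes so far. */
static bool
num_accept(NumState *st, char c)
{
    bool prev_digit = isdigit((unsigned char) st->prev) != 0;
    bool prev_exp = (st->prev == 'e' || st->prev == 'E');
    bool ok;

    if (isdigit((unsigned char) c))
        ok = true;
    else if (c == '-')
        ok = (st->prev == 0 || prev_exp);   /* leading sign or exponent sign */
    else if (c == '+')
        ok = prev_exp;                      /* exponent sign only */
    else if (c == '.')
        ok = prev_digit && !st->seen_dot && !st->seen_exp;
    else if (c == 'e' || c == 'E')
        ok = prev_digit && !st->seen_exp;
    else
        ok = false;

    if (!ok)
        return false;                       /* byte ends the numeric token */
    st->seen_dot |= (c == '.');
    st->seen_exp |= (c == 'e' || c == 'E');
    st->prev = c;
    return true;
}

/* Feed input one byte per chunk; return how many bytes joined the token. */
static size_t
num_prefix_len(const char *input)
{
    NumState st = {false, false, 0};
    size_t n = 0;

    while (input[n] != '\0' && num_accept(&st, input[n]))
        n++;
    return n;
}
```
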