diff options
| author | Noah Misch <noah@leadboat.com> | 2025-05-05 04:52:04 -0700 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2025-05-05 04:52:08 -0700 |
| commit | 3f2ab73934ab1e27151ecd14fd7d8ef602555093 (patch) | |
| tree | 104f0bf916d41f0a07d46bd1c75a230399b7c0b2 /src/interfaces/libpq/fe-misc.c | |
| parent | 258cde839d902ad9dd41cbd7ab58ebf4ba086874 (diff) | |
| download | postgresql-3f2ab73934ab1e27151ecd14fd7d8ef602555093.tar.gz postgresql-3f2ab73934ab1e27151ecd14fd7d8ef602555093.zip | |
With GB18030, prevent SIGSEGV from reading past end of allocation.
With GB18030 as source encoding, applications could crash the server via
SQL functions convert() or convert_from(). Applications themselves
could crash after passing unterminated GB18030 input to libpq functions
PQescapeLiteral(), PQescapeIdentifier(), PQescapeStringConn(), or
PQescapeString(). Extension code could crash by passing unterminated
GB18030 input to jsonapi.h functions. All those functions have been
intended to handle untrusted, unterminated input safely.
A crash required allocating the input such that the last byte of the
allocation was the last byte of a virtual memory page. Some malloc()
implementations take measures against that, making the SIGSEGV hard to
reach. Back-patch to v13 (all supported versions).
Author: Noah Misch <noah@leadboat.com>
Author: Andres Freund <andres@anarazel.de>
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Backpatch-through: 13
Security: CVE-2025-4207
Diffstat (limited to 'src/interfaces/libpq/fe-misc.c')
| -rw-r--r-- | src/interfaces/libpq/fe-misc.c | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/src/interfaces/libpq/fe-misc.c b/src/interfaces/libpq/fe-misc.c index 55021fa5bf3..f92d7c0c7d1 100644 --- a/src/interfaces/libpq/fe-misc.c +++ b/src/interfaces/libpq/fe-misc.c @@ -1180,13 +1180,9 @@ pqSocketPoll(int sock, int forRead, int forWrite, time_t end_time) */ /* - * Returns the byte length of the character beginning at s, using the - * specified encoding. - * - * Caution: when dealing with text that is not certainly valid in the - * specified encoding, the result may exceed the actual remaining - * string length. Callers that are not prepared to deal with that - * should use PQmblenBounded() instead. + * Like pg_encoding_mblen(). Use this in callers that want the + * dynamically-linked libpq's stance on encodings, even if that means + * different behavior in different startups of the executable. */ int PQmblen(const char *s, int encoding) @@ -1195,8 +1191,9 @@ PQmblen(const char *s, int encoding) } /* - * Returns the byte length of the character beginning at s, using the - * specified encoding; but not more than the distance to end of string. + * Like pg_encoding_mblen_bounded(). Use this in callers that want the + * dynamically-linked libpq's stance on encodings, even if that means + * different behavior in different startups of the executable. */ int PQmblenBounded(const char *s, int encoding) |