postgresql/src/common
Noah Misch ec5f89e8a2 With GB18030, prevent SIGSEGV from reading past end of allocation.
With GB18030 as source encoding, applications could crash the server via
SQL functions convert() or convert_from().  Applications themselves
could crash after passing unterminated GB18030 input to libpq functions
PQescapeLiteral(), PQescapeIdentifier(), PQescapeStringConn(), or
PQescapeString().  Extension code could crash by passing unterminated
GB18030 input to jsonapi.h functions.  All those functions have been
intended to handle untrusted, unterminated input safely.

A crash required allocating the input such that the last byte of the
allocation was the last byte of a virtual memory page.  Some malloc()
implementations take measures against that, making the SIGSEGV hard to
reach.  Back-patch to v13 (all supported versions).

Author: Noah Misch <noah@leadboat.com>
Author: Andres Freund <andres@anarazel.de>
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Backpatch-through: 13
Security: CVE-2025-4207
2025-05-05 04:52:07 -07:00
unicode Clean up newlines following left parentheses 2024-11-26 17:10:07 +01:00
.gitignore Replace the data structure used for keyword lookup. 2019-01-06 17:02:57 -05:00
archive.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
base64.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
binaryheap.c Revert indexed and enlargable binary heap implementation. 2024-04-11 17:18:05 +09:00
blkreftable.c Fix incorrect calculation in BlockRefTableEntryGetBlocks. 2024-04-05 13:41:19 -04:00
checksum_helper.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
compression.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
config_info.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
controldata_utils.c Expose new function get_controlfile_by_exact_path(). 2024-03-13 12:06:44 -04:00
cryptohash.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
cryptohash_openssl.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
d2s.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
d2s_full_table.h Update copyright for 2024 2024-01-03 20:49:05 -05:00
d2s_intrinsics.h Update copyright for 2024 2024-01-03 20:49:05 -05:00
digit_table.h Change floating-point output format for improved performance. 2019-02-13 15:20:33 +00:00
encnames.c Simplify pg_enc2gettext_tbl[] with C99-designated initializer syntax 2024-03-01 18:03:48 +09:00
exec.c Fix errorhandling for reading from a pipe 2024-03-08 22:53:06 +01:00
f2s.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
fe_memutils.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
file_perm.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
file_utils.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
hashfn.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
hmac.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
hmac_openssl.c Unwind #if spaghetti in hmac_openssl.c a bit. 2024-04-02 10:41:44 -04:00
ip.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
jsonapi.c With GB18030, prevent SIGSEGV from reading past end of allocation. 2025-05-05 04:52:07 -07:00
keywords.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
kwlookup.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
link-canary.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
logging.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
Makefile Unicode case mapping tables and functions. 2024-03-07 11:15:06 -08:00
md5.c Make fallback MD5 implementation thread-safe on big-endian systems 2024-08-07 10:44:00 +03:00
md5_common.c Fix documentation comment for pg_md5_hash 2024-03-14 09:23:37 +01:00
md5_int.h Update copyright for 2024 2024-01-03 20:49:05 -05:00
meson.build meson: Export all libcommon functions in Windows builds 2024-12-25 18:14:26 +02:00
parse_manifest.c Clean up newlines following left parentheses 2024-11-26 17:10:07 +01:00
percentrepl.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
pg_get_line.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
pg_lzcompress.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
pg_prng.c Add functions to generate random numbers in a specified range. 2024-03-27 10:12:39 +00:00
pgfnames.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
protocol_openssl.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
psprintf.c Use printf's %m format instead of strerror(errno) in more places 2024-03-12 10:02:54 +09:00
relpath.c Replace BackendIds with 0-based ProcNumbers 2024-03-03 19:38:22 +02:00
restricted_token.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
rmtree.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
ryu_common.h Update copyright for 2024 2024-01-03 20:49:05 -05:00
saslprep.c Guard against enormously long input in pg_saslprep(). 2024-10-28 14:33:55 -04:00
scram-common.c Fix integer-overflow problem in scram_SaltedPassword() 2025-03-26 17:49:57 +09:00
sha1.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
sha1_int.h Update copyright for 2024 2024-01-03 20:49:05 -05:00
sha2.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
sha2_int.h Update copyright for 2024 2024-01-03 20:49:05 -05:00
sprompt.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
string.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
stringinfo.c Add destroyStringInfo function for cleaning up StringInfos 2024-03-16 23:18:28 +01:00
unicode_case.c Fix incorrect year in some copyright notices added this year 2024-05-15 15:01:21 +12:00
unicode_category.c Pre-beta mechanical code beautification. 2024-05-14 16:34:50 -04:00
unicode_norm.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
username.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
wait_error.c Update copyright for 2024 2024-01-03 20:49:05 -05:00
wchar.c With GB18030, prevent SIGSEGV from reading past end of allocation. 2025-05-05 04:52:07 -07:00