postgresql/src/common
Noah Misch 627acc3caa With GB18030, prevent SIGSEGV from reading past end of allocation.
With GB18030 as source encoding, applications could crash the server via
SQL functions convert() or convert_from().  Applications themselves
could crash after passing unterminated GB18030 input to libpq functions
PQescapeLiteral(), PQescapeIdentifier(), PQescapeStringConn(), or
PQescapeString().  Extension code could crash by passing unterminated
GB18030 input to jsonapi.h functions.  All those functions have been
intended to handle untrusted, unterminated input safely.

A crash required allocating the input such that the last byte of the
allocation was the last byte of a virtual memory page.  Some malloc()
implementations take measures against that, making the SIGSEGV hard to
reach.  Back-patch to v13 (all supported versions).

Author: Noah Misch <noah@leadboat.com>
Author: Andres Freund <andres@anarazel.de>
Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com>
Backpatch-through: 13
Security: CVE-2025-4207
2025-05-05 04:52:04 -07:00
unicode Fix INITCAP() word boundaries for PG_UNICODE_FAST. 2025-04-21 12:34:58 -07:00
.gitignore Replace the data structure used for keyword lookup. 2019-01-06 17:02:57 -05:00
archive.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
base64.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
binaryheap.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
blkreftable.c Revert workarounds for -Wmissing-braces false positives on old GCC 2025-03-20 11:25:58 +01:00
checksum_helper.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
compression.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
config_info.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
controldata_utils.c Use XLOG_CONTROL_FILE macro consistently for control file name. 2025-04-07 09:27:33 +09:00
cryptohash.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
cryptohash_openssl.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
d2s.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
d2s_full_table.h Update copyright for 2025 2025-01-01 11:21:55 -05:00
d2s_intrinsics.h Update copyright for 2025 2025-01-01 11:21:55 -05:00
digit_table.h Change floating-point output format for improved performance. 2019-02-13 15:20:33 +00:00
encnames.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
exec.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
f2s.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
fe_memutils.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
file_perm.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
file_utils.c pg_upgrade: Add --swap for faster file transfer. 2025-03-25 16:02:35 -05:00
hashfn.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
hmac.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
hmac_openssl.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
ip.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
jsonapi.c With GB18030, prevent SIGSEGV from reading past end of allocation. 2025-05-05 04:52:04 -07:00
keywords.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
kwlookup.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
link-canary.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
logging.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
Makefile common/jsonapi: support libpq as a client 2024-09-11 09:01:07 +02:00
md5.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
md5_common.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
md5_int.h Update copyright for 2025 2025-01-01 11:21:55 -05:00
meson.build Update copyright for 2025 2025-01-01 11:21:55 -05:00
parse_manifest.c pg_noreturn to replace pg_attribute_noreturn() 2025-03-13 12:37:26 +01:00
percentrepl.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
pg_get_line.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
pg_lzcompress.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
pg_prng.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
pgfnames.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
psprintf.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
relpath.c Change relpath() et al to return path by value 2025-02-25 09:02:07 -05:00
restricted_token.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
rmtree.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
ryu_common.h Update copyright for 2025 2025-01-01 11:21:55 -05:00
saslprep.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
scram-common.c Fix integer-overflow problem in scram_SaltedPassword() 2025-03-26 17:46:51 +09:00
sha1.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
sha1_int.h Update copyright for 2025 2025-01-01 11:21:55 -05:00
sha2.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
sha2_int.h Update copyright for 2025 2025-01-01 11:21:55 -05:00
sprompt.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
string.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
stringinfo.c Fix a compiler warning in initStringInfo(). 2025-01-11 15:52:37 +09:00
unicode_case.c Harmonize function parameter names for Postgres 18. 2025-04-12 12:07:36 -04:00
unicode_category.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
unicode_norm.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
username.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
wait_error.c Update copyright for 2025 2025-01-01 11:21:55 -05:00
wchar.c With GB18030, prevent SIGSEGV from reading past end of allocation. 2025-05-05 04:52:04 -07:00