mirror of
https://github.com/postgres/postgres.git
synced 2026-04-11 03:56:42 -04:00
56c5a069e0
PostgreSQL 13 and newer versions are directly impacted by that through
the SQL function normalize(), which would cause a call of this function
to write one byte past its allocation if using in input an empty
string after recomposing the string with NFC and NFKC. Older versions
(v10~v12) are not directly affected by this problem as the only code
path using normalization is SASLprep in SCRAM authentication that
forbids the case of an empty string, but let's make the code more robust
anyway there so as any out-of-core callers of this function are covered.
The solution chosen to fix this issue is simple, with the addition of a
fast-exit path if the decomposed string is found as empty. This would
only happen for an empty string as at its lowest level a codepoint would
be decomposed as itself if it has no entry in the decomposition table or
if it has a decomposition size of 0.
Some tests are added to cover this issue in v13~. Note that an empty
string has always been considered as normalized (grammar "IS NF[K]{C,D}
NORMALIZED", through the SQL function is_normalized()) for all the
operations allowed (NFC, NFD, NFKC and NFKD) since this feature has been
introduced as of
|
||
|---|---|---|
| .. | ||
| unicode | ||
| base64.c | ||
| config_info.c | ||
| controldata_utils.c | ||
| exec.c | ||
| fe_memutils.c | ||
| file_perm.c | ||
| file_utils.c | ||
| ip.c | ||
| keywords.c | ||
| Makefile | ||
| md5.c | ||
| pg_lzcompress.c | ||
| pgfnames.c | ||
| psprintf.c | ||
| relpath.c | ||
| restricted_token.c | ||
| rmtree.c | ||
| saslprep.c | ||
| scram-common.c | ||
| sha2.c | ||
| sha2_openssl.c | ||
| string.c | ||
| unicode_norm.c | ||
| username.c | ||
| wait_error.c | ||