upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-05-23 02:37:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
Base de données relationnelle
62304 commits 38 branches 684 tags 870 MiB
C 84.4%
PLpgSQL 6.2%
Perl 5%
Yacc 1.2%
Meson 0.7%
Other 2.4%
Find a file
Tom Lane c2bfeb3bba Prevent buffer overrun in spell.c's CheckAffix(). 
This function writes into a caller-supplied buffer of length
2 * MAXNORMLEN, which should be plenty in real-world cases.
However a malicious affix file could supply an affix long
enough to overrun that.  Defend by just rejecting the match
if it would overrun the buffer.  I also inserted a check of
the input word length against Affix->replen, just to be sure
we won't index off the buffer, though it would be caller error
for that not to be true.

Also make the actual copying steps a bit more readable, and remove
an unnecessary requirement for the whole input word to fit into the
output buffer (even though it always will with the current caller).

The lack of documentation in this code makes my head hurt, so
I also reverse-engineered a basic header comment for CheckAffix.

Reported-by: Xint Code
Author: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Andrey Borodin <x4mmm@yandex-team.ru>
Discussion: https://postgr.es/m/641711.1776792744@sss.pgh.pa.us
Backpatch-through: 14
2026-04-22 11:04:35 -04:00
.github Add CODE_OF_CONDUCT.md, CONTRIBUTING.md, and SECURITY.md. 2024-07-02 13:03:58 -05:00
config Allow PG_PRINTF_ATTRIBUTE to be different in C and C++ code. 2026-02-25 11:57:26 -05:00
contrib Fix pg_overexplain to emit valid output with RANGE_TABLE option. 2026-04-16 13:49:39 +09:00
doc doc: Correct context description for some JIT support GUCs 2026-04-21 08:45:07 +09:00
src Prevent buffer overrun in spell.c's CheckAffix(). 2026-04-22 11:04:35 -04:00
.abi-compliance-history Update .abi-compliance-history for AddRelationNotNullConstraints(). 2026-02-21 13:08:44 +01:00
.cirrus.star ci: Simplify ci-os-only handling 2025-08-14 12:09:53 -04:00
.cirrus.tasks.yml Fix typo 2026-01-07 15:48:45 +01:00
.cirrus.yml ci: Per-repo configuration for manually trigger tasks 2025-08-14 11:33:44 -04:00
.dir-locals.el Make Emacs perl-mode indent more like perltidy. 2019-01-13 11:32:31 -08:00
.editorconfig Add script to keep .editorconfig in sync with .gitattributes 2025-02-01 10:09:45 +01:00
.git-blame-ignore-revs Add previous commit to .git-blame-ignore-revs. 2025-10-21 10:02:19 -05:00
.gitattributes Fix git whitespace warning 2025-08-15 10:32:22 +02:00
.gitignore Update top-level .gitignore. 2022-12-04 15:23:00 -05:00
.mailmap Add a Git .mailmap file 2024-11-05 13:56:02 +01:00
aclocal.m4 autoconf: Move export_dynamic determination to configure 2022-12-06 18:55:28 -08:00
configure Allow PG_PRINTF_ATTRIBUTE to be different in C and C++ code. 2026-02-25 11:57:26 -05:00
configure.ac Allow PG_PRINTF_ATTRIBUTE to be different in C and C++ code. 2026-02-25 11:57:26 -05:00
COPYRIGHT Update copyright for 2026 2026-01-01 13:24:10 -05:00
GNUmakefile.in Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
HISTORY Canonicalize some URLs 2020-02-10 20:47:50 +01:00
Makefile Adapt REL_18_STABLE to its new status as a stable branch 2025-06-29 23:00:00 -04:00
meson.build Allow PG_PRINTF_ATTRIBUTE to be different in C and C++ code. 2026-02-25 11:57:26 -05:00
meson_options.txt Add support for basic NUMA awareness 2025-04-07 23:08:17 +02:00
README.md Adapt REL_18_STABLE to its new status as a stable branch 2025-06-29 23:00:00 -04:00

README.md

PostgreSQL Database Management System

This directory contains the source code distribution of the PostgreSQL database management system.

PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. This distribution also contains C language bindings.

Copyright and license information can be found in the file COPYRIGHT.

General documentation about this version of PostgreSQL can be found at https://www.postgresql.org/docs/18/. In particular, information about building PostgreSQL from the source code can be found at https://www.postgresql.org/docs/18/installation.html.

The latest version of this software, and related software, may be obtained at https://www.postgresql.org/download/. For more information look at our web site located at https://www.postgresql.org/.