mirror of
https://github.com/postgres/postgres.git
synced 2026-03-12 05:32:27 -04:00
cbadeaca92
With GB18030 as source encoding, applications could crash the server via SQL functions convert() or convert_from(). Applications themselves could crash after passing unterminated GB18030 input to libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeStringConn(), or PQescapeString(). Extension code could crash by passing unterminated GB18030 input to jsonapi.h functions. All those functions have been intended to handle untrusted, unterminated input safely. A crash required allocating the input such that the last byte of the allocation was the last byte of a virtual memory page. Some malloc() implementations take measures against that, making the SIGSEGV hard to reach. Back-patch to v13 (all supported versions). Author: Noah Misch <noah@leadboat.com> Author: Andres Freund <andres@anarazel.de> Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com> Backpatch-through: 13 Security: CVE-2025-4207 |
||
|---|---|---|
| .. | ||
| conversion_procs | ||
| Unicode | ||
| conv.c | ||
| iso.c | ||
| Makefile | ||
| mbutils.c | ||
| README | ||
| stringinfo_mb.c | ||
| win866.c | ||
| win1251.c | ||
| wstrcmp.c | ||
| wstrncmp.c | ||
src/backend/utils/mb/README Encodings ========= conv.c: static functions and a public table for code conversion mbutils.c: public functions for the backend only. stringinfo_mb.c: public backend-only multibyte-aware stringinfo functions wstrcmp.c: strcmp for mb wstrncmp.c: strncmp for mb win866.c: a tool to generate KOI8 <--> CP866 conversion table iso.c: a tool to generate KOI8 <--> ISO8859-5 conversion table win1251.c: a tool to generate KOI8 <--> CP1251 conversion table See also in src/common/: encnames.c: public functions for encoding names wchar.c: mostly static functions and a public table for mb string and multibyte conversion Introduction ------------ http://www.cprogramming.com/tutorial/unicode.html