postgresql/contrib
Thomas Munro cecedb912a Replace pg_mblen() with bounds-checked versions.
A corrupted string could cause code that iterates with pg_mblen() to
overrun its buffer.  Fix, by converting all callers to one of the
following:

1. Callers with a null-terminated string now use pg_mblen_cstr(), which
raises an "illegal byte sequence" error if it finds a terminator in the
middle of the sequence.

2. Callers with a length or end pointer now use either
pg_mblen_with_len() or pg_mblen_range(), for the same effect, depending
on which of the two seems more convenient at each site.

3. A small number of cases pre-validate a string, and can use
pg_mblen_unbounded().

The traditional pg_mblen() function and COPYCHAR macro still exist for
backward compatibility, but are no longer used by core code and are
hereby deprecated.  The same applies to the t_isXXX() functions.

Security: CVE-2026-2006
Backpatch-through: 14
Co-authored-by: Thomas Munro <thomas.munro@gmail.com>
Co-authored-by: Noah Misch <noah@leadboat.com>
Reviewed-by: Heikki Linnakangas <hlinnaka@iki.fi>
Reported-by: Paul Gerste (as part of zeroday.cloud)
Reported-by: Moritz Sanft (as part of zeroday.cloud)
2026-02-09 12:39:01 +13:00
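
The overrun described in the commit message above, and its first two bounds-checked cases, as an added C example that is not PostgreSQL code. The names lead_len(), unchecked_end_offset(), count_chars_cstr() and count_chars_range() are hypothetical, UTF-8 is assumed as the encoding, and a -1 return stands in for the "illegal byte sequence" error.

```c
#include <stddef.h>

static const char SAMPLE_OK[] = "a\xC3\xA9";    /* constructed: 'a' + 2-byte char */
static const char SAMPLE_CUT[] = "ab\xE4\xB8";  /* constructed: 3-byte lead, 1 byte missing */

/* Length announced by a UTF-8 lead byte alone: the unchecked step. */
static int lead_len(unsigned char c)
{
    if ((c & 0xE0) == 0xC0) return 2;
    if ((c & 0xF0) == 0xE0) return 3;
    if ((c & 0xF8) == 0xF0) return 4;
    return 1;   /* ASCII, or an invalid byte stepped over singly */
}

/* Offset an unchecked loop ends at; a result > nbytes is an overrun. */
size_t unchecked_end_offset(const char *s, size_t nbytes)
{
    size_t off = 0;
    while (off < nbytes)
        off += (size_t) lead_len((unsigned char) s[off]);
    return off;
}

/* Case 1, NUL-terminated: -1 if the terminator sits inside a sequence. */
long count_chars_cstr(const char *s)
{
    long n = 0;
    while (*s) {
        int len = lead_len((unsigned char) *s);
        for (int i = 1; i < len; i++)
            if (s[i] == '\0') return -1;
        s += len; n++;
    }
    return n;
}

/* Case 2, explicit length: -1 if a sequence would pass the end. */
long count_chars_range(const char *s, size_t nbytes)
{
    long n = 0;
    for (size_t off = 0; off < nbytes; n++) {
        size_t len = (size_t) lead_len((unsigned char) s[off]);
        if (len > nbytes - off) return -1;
        off += len;
    }
    return n;
}

int main(void) { return (count_chars_cstr(SAMPLE_CUT) == -1 && count_chars_range(SAMPLE_OK, 3) == 2) ? 0 : 1; }
```

On the truncated sample the unchecked walk ends at offset 5 of a 4-byte string, while both checked loops stop at the incomplete sequence.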
adminpack tests: Rename conflicting role names 2025-12-12 08:46:15 +09:00
amcheck amcheck: Fix snapshot usage in bt_index_parent_check 2026-01-21 18:55:43 +01:00
auth_delay Update copyright for 2021 2021-01-02 13:06:25 -05:00
auto_explain Fix EXPLAIN ANALYZE for async-capable nodes. 2021-05-12 14:00:00 +09:00
bloom Count contrib/bloom index scans in pgstat view. 2024-11-12 20:57:37 -05:00
bool_plperl Fix broken ruleutils support for function TRANSFORM clauses. 2021-01-25 13:03:43 -05:00
btree_gin btree_gin: Fix calculation of leftmost interval value. 2023-10-29 11:14:34 +00:00
btree_gist Replace pg_mblen() with bounds-checked versions. 2026-02-09 12:39:01 +13:00
citext CREATE INDEX: use the original userid for more ACL checks. 2022-06-25 09:07:44 -07:00
cube Add binary I/O capability for cube datatype. 2021-03-06 12:04:05 -05:00
dblink Avoid resource leaks when a dblink connection fails. 2025-05-29 10:39:55 -04:00
dict_int Update copyright for 2021 2021-01-02 13:06:25 -05:00
dict_xsyn Replace pg_mblen() with bounds-checked versions. 2026-02-09 12:39:01 +13:00
earthdistance Make contrib modules' installation scripts more secure. 2020-08-10 10:44:42 -04:00
file_fdw Fix bogus ctid requirement for dummy-root partitioned targets 2026-01-23 10:23:10 +09:00
fuzzystrmatch Ensure Soundex difference() function handles empty input sanely. 2023-05-16 10:53:42 -04:00
hstore Replace pg_mblen() with bounds-checked versions. 2026-02-09 12:39:01 +13:00
hstore_plperl Make contrib modules' installation scripts more secure. 2020-08-10 10:44:42 -04:00
hstore_plpython In hstore_plpython, avoid crashing when return value isn't a mapping. 2023-04-27 11:55:06 -04:00
intagg Make contrib modules' installation scripts more secure. 2020-08-10 10:44:42 -04:00
intarray Fix selectivity estimation integer overflow in contrib/intarray 2026-01-04 20:34:45 +13:00
isn Update copyright for 2021 2021-01-02 13:06:25 -05:00
jsonb_plperl Expose internal function for converting int64 to numeric 2020-09-09 20:16:28 +02:00
jsonb_plpython Support infinity and -infinity in the numeric data type. 2020-07-22 19:19:44 -04:00
lo Repair incorrect handling of AfterTriggerSharedData.ats_modifiedcols. 2025-01-22 11:58:20 -05:00
ltree Replace pg_mblen() with bounds-checked versions. 2026-02-09 12:39:01 +13:00
ltree_plpython Improve error messages in ltree_in and lquery_in. 2020-03-31 11:14:42 -04:00
oid2name Add a copyright notice to perl files lacking one. 2021-05-07 10:56:14 -04:00
old_snapshot Initial pgindent and pgperltidy run for v14. 2021-05-12 13:14:10 -04:00
pageinspect Replace pg_mblen() with bounds-checked versions. 2026-02-09 12:39:01 +13:00
passwordcheck tests: Rename conflicting role names 2025-12-12 08:46:15 +09:00
pg_buffercache Add CHECK_FOR_INTERRUPTS in contrib/pg_buffercache functions. 2025-08-19 12:11:29 -07:00
pg_freespacemap Prevent assertion failure in contrib/pg_freespacemap. 2025-03-27 13:20:23 -04:00
pg_prewarm Fix privilege checks for pg_prewarm() on indexes. 2025-10-17 11:36:50 -05:00
pg_stat_statements pg_stat_statements: Fix parameter number gaps in normalized queries 2025-05-29 11:26:31 +09:00
pg_surgery Update copyright for 2021 2021-01-02 13:06:25 -05:00
pg_trgm Replace pg_mblen() with bounds-checked versions. 2026-02-09 12:39:01 +13:00
pg_visibility Restore smgrtruncate() prototype in back-branches. 2025-01-08 10:48:01 +13:00
pgcrypto pgcrypto: Fix buffer overflow in pgp_pub_decrypt_bytea() 2026-02-09 08:01:12 +09:00
pgrowlocks Adjust the order of the prechecks in pgrowlocks() 2023-10-31 16:43:28 +13:00
pgstattuple pgstattuple: Improve reports generated for indexes (hash, gist, btree) 2025-10-02 11:09:17 +09:00
postgres_fdw postgres_fdw: Add more test coverage for EvalPlanQual testing. 2025-11-06 12:15:05 +09:00
seg Replace last PushOverrideSearchPath() call with set_config_option(). 2023-05-08 06:14:11 -07:00
sepgsql Adjust sepgsql expected output for 681d9e462 et al. 2023-05-08 11:24:47 -04:00
spi Remove support for upgrading extensions from "unpackaged" state. 2020-02-19 16:59:14 -05:00
sslinfo Use be_tls_* API for SSL information in sslinfo 2020-11-03 09:47:36 +01:00
start-scripts Remove contrib/start-scripts/osx/. 2017-11-17 12:53:20 -05:00
tablefunc Update copyright for 2021 2021-01-02 13:06:25 -05:00
tcn Update copyright for 2021 2021-01-02 13:06:25 -05:00
test_decoding Fix re-distributing previously distributed invalidation messages during logical decoding. 2025-06-16 17:35:50 -07:00
tsm_system_rows Update copyright for 2021 2021-01-02 13:06:25 -05:00
tsm_system_time Update copyright for 2021 2021-01-02 13:06:25 -05:00
unaccent Replace pg_mblen() with bounds-checked versions. 2026-02-09 12:39:01 +13:00
uuid-ossp Reject bogus output from uuid_create(3). 2022-09-09 12:41:36 -04:00
vacuumlo Add a copyright notice to perl files lacking one. 2021-05-07 10:56:14 -04:00
xml2 Fix incompatibility with libxml2 >= 2.14 2025-07-07 08:54:43 +09:00
contrib-global.mk Respect TEMP_CONFIG when pg_regress_check and friends are called 2016-02-27 12:28:21 -05:00
Makefile Introduce --with-ssl={openssl} as a configure option 2021-02-01 19:19:44 +09:00
README Rename 'gmake' to 'make' in docs and recommended commands 2014-02-12 17:29:19 -05:00

The PostgreSQL contrib tree
---------------------------

This subtree contains porting tools, analysis utilities, and plug-in
features that are not part of the core PostgreSQL system, mainly
because they address a limited audience or are too experimental to be
part of the main source tree.  This does not preclude their
usefulness.

User documentation for each module appears in the main SGML
documentation.

When building from the source distribution, these modules are not
built automatically, unless you build the "world" target.  You can
also build and install them all by running "make all" and "make
install" in this directory; or to build and install just one selected
module, do the same in that module's subdirectory.

Some directories supply new user-defined functions, operators, or
types.  To make use of one of these modules, after you have installed
the code you need to register the new SQL objects in the database
system by executing a CREATE EXTENSION command.  In a fresh database,
you can simply do

    CREATE EXTENSION module_name;

See the PostgreSQL documentation for more information about this
procedure.