Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wIOFl-0082jO-30
	for pgsql-bugs@arkaria.postgresql.org;
	Thu, 30 Apr 2026 10:04:19 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wIOFk-006zcF-2z
	for pgsql-bugs@arkaria.postgresql.org;
	Thu, 30 Apr 2026 10:04:16 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <x4mmm@yandex-team.ru>)
	id 1wIOFk-006zc6-1j
	for pgsql-bugs@lists.postgresql.org;
	Thu, 30 Apr 2026 10:04:16 +0000
Received: from forwardcorp1b.mail.yandex.net ([178.154.239.136])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <x4mmm@yandex-team.ru>)
	id 1wIOFe-00000003UTI-2BP2
	for pgsql-bugs@lists.postgresql.org;
	Thu, 30 Apr 2026 10:04:15 +0000
Received: from mail-nwsmtp-smtp-corp-main-34.sas.yp-c.yandex.net (mail-nwsmtp-smtp-corp-main-34.sas.yp-c.yandex.net [IPv6:2a02:6b8:c24:fa2:0:640:41ee:0])
	by forwardcorp1b.mail.yandex.net (Yandex) with ESMTPS id CFD7380814;
	Thu, 30 Apr 2026 13:04:05 +0300 (MSK)
Received: from smtpclient.apple (94.51.235.105-FTTB.planeta.tc [94.51.235.105])
	by mail-nwsmtp-smtp-corp-main-34.sas.yp-c.yandex.net (smtpcorp) with ESMTPSA id 34YJkA0Lsa60-PSmyh0TW;
	Thu, 30 Apr 2026 13:04:05 +0300
X-Yandex-Fwd: 1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru;
	s=default; t=1777543445;
	bh=aWucBoUecMLLbozlfBfbBjATGRaPla7zUwTj5WQHUQo=;
	h=Message-Id:To:Date:References:Cc:In-Reply-To:From:Subject;
	b=kXQFNObSL4VnAow1JlqIZoI5HlsiAcF9MQf6nbAuKgnl0P9/TaOaLrEENvB/nSQpg
	 mAESD9kpWFm/qzDYN6hJWlFVrUw4LhvZZwW/F6PZjNO5B7vy/CxpXoykjKCS1bEGRX
	 ceUe05C7JQQSjBq4hgfOro32o/HuXiP9kgGeny74=
Authentication-Results: mail-nwsmtp-smtp-corp-main-34.sas.yp-c.yandex.net; dkim=pass header.i=@yandex-team.ru
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.500.181\))
Subject: Re: Potential buffer overrun in spell.c's CheckAffix()
From: Andrey Borodin <x4mmm@yandex-team.ru>
In-Reply-To: <E8FF434D-BE94-4E37-B195-41CA1A33357D@yandex-team.ru>
Date: Thu, 30 Apr 2026 10:56:17 +0300
Cc: PostgreSQL mailing lists <pgsql-bugs@lists.postgresql.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <2480A4C7-E144-474F-B4DD-D9D798526E6E@yandex-team.ru>
References: <641711.1776792744@sss.pgh.pa.us>
 <F6506DC9-7E95-4FA3-A9E3-37392E92463D@yandex-team.ru>
 <959933.1776865480@sss.pgh.pa.us>
 <E8FF434D-BE94-4E37-B195-41CA1A33357D@yandex-team.ru>
To: Tom Lane <tgl@sss.pgh.pa.us>
X-Mailer: Apple Mail (2.3864.500.181)
List-Id: <pgsql-bugs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-bugs@lists.postgresql.org>
List-Owner: <mailto:pgsql-bugs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-bugs>
Archived-At: <https://www.postgresql.org/message-id/2480A4C7-E144-474F-B4DD-D9D798526E6E%40yandex-team.ru>
Precedence: bulk



> On 23 Apr 2026, at 12:58, Andrey Borodin <x4mmm@yandex-team.ru> wrote:
>=20
> Yes, 40Kb in NIImportOOAffixes() is a lot. But is it important in =
grand scheme of
> things? Minimum max_stack_depth is 100Kb, ought to be enough=E2=80=A6

IsAffixFlagInUse(), addCompoundAffixFlagValue() and =
getCompoundAffixFlagValue()
also allocate 8Kb on stack...
Would it make sense to add check_stack_depth() into =
addCompoundAffixFlagValue()?
Other prominent allocators (NIImportOOAffixes(),NIImportAffixes()) call =
it anyway.
At least we will know if disaster is around the corner.


Best regards, Andrey Borodin.=