pgsql: Code coverage for most pg_mblen* calls.

* pgsql: Code coverage for most pg_mblen* calls.
From: Thomas Munro <[email protected]> @ 2026-02-09 00:06 UTC
To: [email protected]

Code coverage for most pg_mblen* calls.

A security patch changed them today, so close the coverage gap now.
Test that buffer overrun is avoided when pg_mblen*() requires more
than the number of bytes remaining.

This does not cover the calls in dict_thesaurus.c or in dict_synonym.c.
That code is straightforward. To change that code's input, one must
have access to modify installed OS files, so low-privilege users are not
a threat. Testing this would likewise require changing installed
share/postgresql/tsearch_data, which was enough of an obstacle to not
bother.

Security: CVE-2026-2006
Backpatch-through: 14
Co-authored-by: Thomas Munro <[email protected]>
Co-authored-by: Noah Misch <[email protected]>
Reviewed-by: Heikki Linnakangas <[email protected]>

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/c67bef3f3252a3a38bf347f9f119944176a796ce

Modified Files
--------------
contrib/pg_trgm/Makefile | 2 +-
contrib/pg_trgm/data/trgm_utf8.data | 50 ++++
contrib/pg_trgm/expected/pg_utf8_trgm.out | 8 +
contrib/pg_trgm/expected/pg_utf8_trgm_1.out | 3 +
contrib/pg_trgm/meson.build | 1 +
contrib/pg_trgm/sql/pg_utf8_trgm.sql | 9 +
src/backend/utils/adt/arrayfuncs.c | 6 +
src/test/regress/expected/copyencoding.out | 7 +
src/test/regress/expected/encoding.out | 401 ++++++++++++++++++++++++++++
src/test/regress/expected/encoding_1.out | 4 +
src/test/regress/expected/euc_kr.out | 16 ++
src/test/regress/expected/euc_kr_1.out | 6 +
src/test/regress/parallel_schedule | 2 +-
src/test/regress/regress.c | 139 ++++++++++
src/test/regress/sql/copyencoding.sql | 7 +
src/test/regress/sql/encoding.sql | 228 ++++++++++++++++
src/test/regress/sql/euc_kr.sql | 12 +
17 files changed, 899 insertions(+), 2 deletions(-)

* pgsql: Code coverage for most pg_mblen* calls.
From: Thomas Munro <[email protected]> @ 2026-02-09 00:07 UTC
To: [email protected]

Code coverage for most pg_mblen* calls.

A security patch changed them today, so close the coverage gap now.
Test that buffer overrun is avoided when pg_mblen*() requires more
than the number of bytes remaining.

This does not cover the calls in dict_thesaurus.c or in dict_synonym.c.
That code is straightforward. To change that code's input, one must
have access to modify installed OS files, so low-privilege users are not
a threat. Testing this would likewise require changing installed
share/postgresql/tsearch_data, which was enough of an obstacle to not
bother.

Security: CVE-2026-2006
Backpatch-through: 14
Co-authored-by: Thomas Munro <[email protected]>
Co-authored-by: Noah Misch <[email protected]>
Reviewed-by: Heikki Linnakangas <[email protected]>

Branch
------
REL_18_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/b0f5d25bc3679afaed69d367c72efd387c763d04

Modified Files
--------------
contrib/pg_trgm/Makefile | 2 +-
contrib/pg_trgm/data/trgm_utf8.data | 50 ++++
contrib/pg_trgm/expected/pg_utf8_trgm.out | 8 +
contrib/pg_trgm/expected/pg_utf8_trgm_1.out | 3 +
contrib/pg_trgm/meson.build | 1 +
contrib/pg_trgm/sql/pg_utf8_trgm.sql | 9 +
src/backend/utils/adt/arrayfuncs.c | 6 +
src/test/regress/expected/encoding.out | 401 ++++++++++++++++++++++++++++
src/test/regress/expected/encoding_1.out | 4 +
src/test/regress/expected/euc_kr.out | 16 ++
src/test/regress/expected/euc_kr_1.out | 6 +
src/test/regress/parallel_schedule | 2 +-
src/test/regress/regress.c | 139 ++++++++++
src/test/regress/sql/encoding.sql | 228 ++++++++++++++++
src/test/regress/sql/euc_kr.sql | 12 +
15 files changed, 885 insertions(+), 2 deletions(-)

* pgsql: Code coverage for most pg_mblen* calls.
From: Thomas Munro <[email protected]> @ 2026-02-09 00:07 UTC
To: [email protected]

Code coverage for most pg_mblen* calls.

A security patch changed them today, so close the coverage gap now.
Test that buffer overrun is avoided when pg_mblen*() requires more
than the number of bytes remaining.

This does not cover the calls in dict_thesaurus.c or in dict_synonym.c.
That code is straightforward. To change that code's input, one must
have access to modify installed OS files, so low-privilege users are not
a threat. Testing this would likewise require changing installed
share/postgresql/tsearch_data, which was enough of an obstacle to not
bother.

Security: CVE-2026-2006
Backpatch-through: 14
Co-authored-by: Thomas Munro <[email protected]>
Co-authored-by: Noah Misch <[email protected]>
Reviewed-by: Heikki Linnakangas <[email protected]>

Branch
------
REL_17_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/10ebc4bd67ec46009e18215e77347390b29d70b3

Modified Files
--------------
contrib/pg_trgm/Makefile | 2 +-
contrib/pg_trgm/data/trgm_utf8.data | 50 ++++
contrib/pg_trgm/expected/pg_utf8_trgm.out | 8 +
contrib/pg_trgm/expected/pg_utf8_trgm_1.out | 3 +
contrib/pg_trgm/meson.build | 1 +
contrib/pg_trgm/sql/pg_utf8_trgm.sql | 9 +
src/backend/utils/adt/arrayfuncs.c | 6 +
src/test/regress/expected/encoding.out | 401 ++++++++++++++++++++++++++++
src/test/regress/expected/encoding_1.out | 4 +
src/test/regress/expected/euc_kr.out | 16 ++
src/test/regress/expected/euc_kr_1.out | 6 +
src/test/regress/parallel_schedule | 2 +-
src/test/regress/regress.c | 139 ++++++++++
src/test/regress/sql/encoding.sql | 228 ++++++++++++++++
src/test/regress/sql/euc_kr.sql | 12 +
15 files changed, 885 insertions(+), 2 deletions(-)

* pgsql: Code coverage for most pg_mblen* calls.
From: Thomas Munro <[email protected]> @ 2026-02-09 00:07 UTC
To: [email protected]

Code coverage for most pg_mblen* calls.

A security patch changed them today, so close the coverage gap now.
Test that buffer overrun is avoided when pg_mblen*() requires more
than the number of bytes remaining.

This does not cover the calls in dict_thesaurus.c or in dict_synonym.c.
That code is straightforward. To change that code's input, one must
have access to modify installed OS files, so low-privilege users are not
a threat. Testing this would likewise require changing installed
share/postgresql/tsearch_data, which was enough of an obstacle to not
bother.

Security: CVE-2026-2006
Backpatch-through: 14
Co-authored-by: Thomas Munro <[email protected]>
Co-authored-by: Noah Misch <[email protected]>
Reviewed-by: Heikki Linnakangas <[email protected]>

Branch
------
REL_16_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/4c08960d97e950b00a4f6bf255d5409da98c6032

Modified Files
--------------
contrib/pg_trgm/Makefile | 2 +-
contrib/pg_trgm/data/trgm_utf8.data | 50 ++++
contrib/pg_trgm/expected/pg_utf8_trgm.out | 8 +
contrib/pg_trgm/expected/pg_utf8_trgm_1.out | 3 +
contrib/pg_trgm/meson.build | 1 +
contrib/pg_trgm/sql/pg_utf8_trgm.sql | 9 +
src/backend/utils/adt/arrayfuncs.c | 6 +
src/test/regress/expected/encoding.out | 401 ++++++++++++++++++++++++++++
src/test/regress/expected/encoding_1.out | 4 +
src/test/regress/expected/euc_kr.out | 16 ++
src/test/regress/expected/euc_kr_1.out | 6 +
src/test/regress/parallel_schedule | 2 +-
src/test/regress/regress.c | 139 ++++++++++
src/test/regress/sql/encoding.sql | 228 ++++++++++++++++
src/test/regress/sql/euc_kr.sql | 12 +
15 files changed, 885 insertions(+), 2 deletions(-)

* pgsql: Code coverage for most pg_mblen* calls.
From: Thomas Munro <[email protected]> @ 2026-02-09 00:07 UTC
To: [email protected]

Code coverage for most pg_mblen* calls.

A security patch changed them today, so close the coverage gap now.
Test that buffer overrun is avoided when pg_mblen*() requires more
than the number of bytes remaining.

This does not cover the calls in dict_thesaurus.c or in dict_synonym.c.
That code is straightforward. To change that code's input, one must
have access to modify installed OS files, so low-privilege users are not
a threat. Testing this would likewise require changing installed
share/postgresql/tsearch_data, which was enough of an obstacle to not
bother.

Security: CVE-2026-2006
Backpatch-through: 14
Co-authored-by: Thomas Munro <[email protected]>
Co-authored-by: Noah Misch <[email protected]>
Reviewed-by: Heikki Linnakangas <[email protected]>

Branch
------
REL_15_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/757bf8145e243b4ad1a76460264f6f4df7e0fb1f

Modified Files
--------------
contrib/pg_trgm/Makefile | 2 +-
contrib/pg_trgm/data/trgm_utf8.data | 50 ++++
contrib/pg_trgm/expected/pg_utf8_trgm.out | 8 +
contrib/pg_trgm/expected/pg_utf8_trgm_1.out | 3 +
contrib/pg_trgm/sql/pg_utf8_trgm.sql | 9 +
src/backend/utils/adt/arrayfuncs.c | 161 +++++++++++
src/include/utils/array.h | 4 +
src/test/regress/expected/encoding.out | 401 ++++++++++++++++++++++++++++
src/test/regress/expected/encoding_1.out | 4 +
src/test/regress/expected/euc_kr.out | 16 ++
src/test/regress/expected/euc_kr_1.out | 6 +
src/test/regress/parallel_schedule | 2 +-
src/test/regress/regress.c | 139 ++++++++++
src/test/regress/sql/encoding.sql | 228 ++++++++++++++++
src/test/regress/sql/euc_kr.sql | 12 +
15 files changed, 1043 insertions(+), 2 deletions(-)

* pgsql: Code coverage for most pg_mblen* calls.
From: Thomas Munro <[email protected]> @ 2026-02-09 00:08 UTC
To: [email protected]

Code coverage for most pg_mblen* calls.

A security patch changed them today, so close the coverage gap now.
Test that buffer overrun is avoided when pg_mblen*() requires more
than the number of bytes remaining.

This does not cover the calls in dict_thesaurus.c or in dict_synonym.c.
That code is straightforward. To change that code's input, one must
have access to modify installed OS files, so low-privilege users are not
a threat. Testing this would likewise require changing installed
share/postgresql/tsearch_data, which was enough of an obstacle to not
bother.

Security: CVE-2026-2006
Backpatch-through: 14
Co-authored-by: Thomas Munro <[email protected]>
Co-authored-by: Noah Misch <[email protected]>
Reviewed-by: Heikki Linnakangas <[email protected]>

Branch
------
REL_14_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/e7591254c30258fe5af8ad123dd70d631b653086

Modified Files
--------------
contrib/pg_trgm/Makefile | 2 +-
contrib/pg_trgm/data/trgm_utf8.data | 50 ++++
contrib/pg_trgm/expected/pg_utf8_trgm.out | 8 +
contrib/pg_trgm/expected/pg_utf8_trgm_1.out | 3 +
contrib/pg_trgm/sql/pg_utf8_trgm.sql | 9 +
src/backend/utils/adt/arrayfuncs.c | 161 +++++++++++
src/include/utils/array.h | 4 +
src/test/regress/expected/.gitignore | 2 +
src/test/regress/expected/euc_kr.out | 16 ++
src/test/regress/expected/euc_kr_1.out | 6 +
src/test/regress/input/encoding.source | 223 ++++++++++++++++
src/test/regress/output/encoding.source | 398 ++++++++++++++++++++++++++++
src/test/regress/output/encoding_1.source | 4 +
src/test/regress/parallel_schedule | 2 +-
src/test/regress/regress.c | 139 ++++++++++
src/test/regress/sql/.gitignore | 1 +
src/test/regress/sql/euc_kr.sql | 12 +
17 files changed, 1038 insertions(+), 2 deletions(-)

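The condition these commit messages say the new tests cover, sketched as an added example that is not PostgreSQL's code: a multibyte length read from the lead byte alone can exceed the bytes remaining, so a walker has to compare it against the end of the buffer before advancing. All function names and the UTF-8-only length rule are assumptions made for illustration, and the sample byte strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: sequence length implied by a UTF-8 lead byte alone. */
static int utf8_claimed_len(unsigned char lead)
{
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 1;               /* stray continuation or invalid byte: step one */
}

/* Bounded form: the claimed length, or -1 if it would run past 'end'. */
static int utf8_len_bounded(const unsigned char *p, const unsigned char *end)
{
    int len;
    if (p >= end) return -1;
    len = utf8_claimed_len(*p);
    return (len <= end - p) ? len : -1;
}

/* Count characters in buf[0..n); -1 if the final sequence is truncated. */
long count_chars_bounded(const unsigned char *buf, size_t n)
{
    const unsigned char *p = buf, *end = buf + n;
    long count = 0;
    while (p < end) {
        int len = utf8_len_bounded(p, end);
        if (len < 0) return -1;         /* refuse instead of reading beyond */
        p += len;
        count++;
    }
    return count;
}

/* Bytes by which a walker trusting the lead byte would step past the end.
 * Only in-bounds bytes are read here; the overshoot is just arithmetic. */
long overshoot_if_unchecked(const unsigned char *buf, size_t n)
{
    size_t off = 0;
    while (off < n)
        off += (size_t) utf8_claimed_len(buf[off]);
    return (long) (off - n);
}

int main(void)
{
    static const unsigned char whole[] = {'a', 0xE2, 0x82, 0xAC}; /* constructed */
    static const unsigned char cut[]   = {'a', 0xE2, 0x82};       /* constructed */
    printf("whole: chars=%ld overshoot=%ld\n",
           count_chars_bounded(whole, 4), overshoot_if_unchecked(whole, 4));
    printf("cut:   chars=%ld overshoot=%ld\n",
           count_chars_bounded(cut, 3), overshoot_if_unchecked(cut, 3));
    return 0;
}
```
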