public inbox for [email protected]  
From: Thomas Munro <[email protected]>
To: [email protected]
Subject: pgsql: Fix encoding length for EUC_CN.
Date: Mon, 09 Feb 2026 00:08:21 +0000
Message-ID: <[email protected]> (raw)

Fix encoding length for EUC_CN.

While EUC_CN supports only 1- and 2-byte sequences (CS0, CS1), the
mb<->wchar conversion functions allow 3-byte sequences beginning SS2,
SS3.

Change pg_encoding_max_length() to return 3, not 2, to close a
hypothesized buffer overrun if a corrupted string is converted to wchar
and back again in a newly allocated buffer.  We might reconsider that in
master (ie harmonizing in a different direction), but this change seems
better for the back-branches.

Also change pg_euccn_mblen() to report SS2 and SS3 characters as having
length 3 (following the example of EUC_KR).  Even though such characters
would not pass verification, it's remotely possible that invalid bytes
could be used to compute a buffer size for use in wchar conversion.

Security: CVE-2026-2006
Backpatch-through: 14
Author: Thomas Munro <[email protected]>
Reviewed-by: Noah Misch <[email protected]>
Reviewed-by: Heikki Linnakangas <[email protected]>

Branch
------
REL_14_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/2a53db21eea7b4db0285f6a44a165def2d3f6531

Modified Files
--------------
src/common/wchar.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
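
The length mismatch this commit message describes, as an added example that is not part of the original message and is not PostgreSQL's code: a simplified model in which a 3-byte sequence beginning with SS2 or SS3 becomes one wchar and is written back as 3 bytes. The function names, the MAXCH limit and the sizing rule (character count times the encoding's maximum length) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define SS2 0x8e  /* EUC single-shift 2 lead byte */
#define SS3 0x8f  /* EUC single-shift 3 lead byte */
#define MAXCH 16  /* capacity of this model's wchar scratch array */

/* Model of mb->wchar: SS2/SS3 take 3 bytes, other high-bit bytes 2, ASCII 1. */
static size_t model_mb2wchar(const unsigned char *s, size_t len, uint32_t *to)
{
    size_t n = 0;
    while (len > 0 && *s && n < MAXCH) {
        size_t k = ((*s == SS2 || *s == SS3) && len >= 3) ? 3
                 : ((*s & 0x80) && len >= 2) ? 2 : 1;
        uint32_t wc = 0;
        for (size_t i = 0; i < k; i++)
            wc = (wc << 8) | s[i];
        to[n++] = wc;
        s += k;
        len -= k;
    }
    return n;
}

/* Model of wchar->mb: bytes written back for every converted character. */
static size_t model_bytes_back(const uint32_t *w, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += (w[i] >> 16) ? 3 : (w[i] >> 8) ? 2 : 1;
    return total;
}

/* 1 if a buffer of nchars * max_len bytes (assumed sizing rule) holds the
 * round trip, 0 if the conversion back would write past it. */
static int roundtrip_fits(const unsigned char *s, size_t len, size_t max_len)
{
    uint32_t w[MAXCH];
    size_t n = model_mb2wchar(s, len, w);
    return model_bytes_back(w, n) <= n * max_len;
}

int main(void)
{
    /* Constructed input: two 3-byte sequences that fail EUC_CN verification. */
    const unsigned char bad[] = {SS2, 0xa1, 0xa1, SS3, 0xa1, 0xa1};
    printf("max_len=2: %d, max_len=3: %d\n",
           roundtrip_fits(bad, sizeof bad, 2), roundtrip_fits(bad, sizeof bad, 3));
    return 0;
}
```

With a maximum length of 2 the modelled buffer is 4 bytes for 6 bytes of output; with 3 it is exactly large enough.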
