Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wco2I-003div-1C for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Jun 2026 17:38:46 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wco2H-006tQy-0q for pgsql-hackers@arkaria.postgresql.org; Thu, 25 Jun 2026 17:38:45 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wco2G-006tQq-2X for pgsql-hackers@lists.postgresql.org; Thu, 25 Jun 2026 17:38:44 +0000 Received: from mail-oa1-x32.google.com ([2001:4860:4864:20::32]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wco2E-00000000DZC-30eF for pgsql-hackers@postgresql.org; Thu, 25 Jun 2026 17:38:43 +0000 Received: by mail-oa1-x32.google.com with SMTP id 586e51a60fabf-44192448b56so21349fac.2 for ; Thu, 25 Jun 2026 10:38:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=j-davis-com.20251104.gappssmtp.com; s=20251104; t=1782409122; x=1783013922; darn=postgresql.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=AphO1+IfgILgalAOLskGxYsDqpLHslu6GE3VFmw3Lus=; b=t8incqAPE2aXePn34lT78csmMV4Um9Gy4dn8m/WZe515TtgPxLAxu1rev1r97jGQDN BImyi3DlvIT+uhYkZCazE01j6/MQtgBfUh7am3ozzHJHpF5bTnY9OiU9D/HkrVOPjdvy EGw+CixOozuG1f/ufGiDo/CNGmipKPi/B2H03zxiYVgCI3qUymvBwYS057ca4ViOs0oa COZkuvsV0A7yNQerUg66awG4IgCi+WNiScRJERVXd3n2EwkY4xYBPufjapJ5nq9kojwe jlA8PiP3SX/EZOCkxnJX948bWNdliVwcULGulMzEKbQske18F5KMvPoE3VCt1iMyaEL7 G/rQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782409122; x=1783013922; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=AphO1+IfgILgalAOLskGxYsDqpLHslu6GE3VFmw3Lus=; b=VtSW2TdD5NyRhio4IA55+pUe0ns5/tyLhoRsoW6cumOn2zB55d7Hx+4UnBHp3PJz/D UA5MUgCXQqWIhoUqA0xEpoOLm0A7PVmC0H/BR5+RZcXlQSmnrlEZbZr0TEIDiDdmPsrm 5AAjOBKtg5QZ/HeKa9vHEQlkCMy2ykiNj7vxjRA/arIPPVD8t6OVKlyR3dRtkk83T3ih 1oqnpbmo2yKNFSWXZ7MNerqOqICxL02gQPo1mkqSmFdbZ463zO1/jHtoOp4CQRa0ifFn dWQU3cyhIPL4KSzoXaDYpQ3T1HmR2HwySyyUudr0a5ky7gjjYPTKymg/OmUy9K2KH4AH bzwA== X-Gm-Message-State: AOJu0YxLj0seayiMLd2XEoVl86bfSrjyLOwXYr/JrtedC0l4LjXrCdps MszsL3mWMRfBOoeuwZSL9Pw632I2aKlcFlc7gwa99nP/S4xTWfXAfhw1PxF5vbMwJIjFbNHQXYU I/5g= X-Gm-Gg: AfdE7cl0OiRYvvvs+BNJ6tMtgSAg40CmQzY0Mawan5Uwy8Cgnfrhl5E7UFFkiuca+PR it7ms3q3xzs6SGQxKln7ibfZzoN9OTroO/8PFhqkGDVS+cnw1SaYG1FrCUVdeW4efPxRRdvnZCL oaVaJjY579TZV1lII8NQKVV9CRIPTNf1xFQwIsvaG2X7dJJYTnhzUjz5lkHKWpUH9yy3QSqWD2m u3CwFH4CtZ4JPVyktfBq5x0a7rKXhyRGsc1EsYWlUznEO06g5ed2mWUfttbDAUgdBpQhBmUFXvA in5jVNI4dfx4+2KNRnMn8ThiarRHyGeEWzBJF4EP5yM0yqcgrX+juumtIrviEoqL+Fb12/cd28x QjNscZ2RR1I0TTdz9/CXFyexCQ/ZMyVQftzV24+ZViNOXFH8IkY0IN7j8CInLeAmYJp9SqTG1jk vevkyH40J8KqLM X-Received: by 2002:a05:6809:393:10b0:48a:ddd4:d36f with SMTP id 5614622812f47-49216e36783mr2178893b6e.8.1782409122037; Thu, 25 Jun 2026 10:38:42 -0700 (PDT) Received: from [10.10.244.130] ([12.63.242.123]) by smtp.gmail.com with ESMTPSA id 5614622812f47-48ae8b3b1efsm11051547b6e.0.2026.06.25.10.38.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jun 2026 10:38:41 -0700 (PDT) Message-ID: <0cedb517aee8b79b8e31a4e42885ed88c2a67c5f.camel@j-davis.com> Subject: Re: Small patch to improve safety of utf8_to_unicode(). From: Jeff Davis To: Chao Li Cc: pgsql-hackers@postgresql.org Date: Thu, 25 Jun 2026 10:38:40 -0700 In-Reply-To: <3058CAA1-40E0-4098-893B-615F77CD35E1@gmail.com> References: <541F240E-94AD-4D65-9794-7D6C316BC3FF@gmail.com> <313BCA0E-2E74-4EB6-9AA8-10DB7F439151@gmail.com> <592441c1d871a4ed0ac1708e132f447caa35869c.camel@j-davis.com> <3058CAA1-40E0-4098-893B-615F77CD35E1@gmail.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.52.3-0ubuntu1.1 MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, 2026-06-25 at 12:10 +0800, Chao Li wrote: > This uses the second byte, \x20, without validating. So it looks like > the patch prevents reading past the end of the string, but it may not > fully defend against invalid UTF-8 sequences. Correct. We don't do full UTF8 validation until the last patch in the series, which is not being backported. Trying to do full validation in the backbranches seems more likely to cause problems than prevent them. We aren't expecting invalid UTF8, but in the event it got there somehow (perhaps from an old upgraded instance), throwing errors after a minor release is probably not helpful. Even in master, I am not 100% sure we want to detect other kinds of validation errors while processing the UTF8. By the time we are using the value, maybe truncated multibyte sequences are the only thing we care about, and we just need to be sure the code can handle anything that fits in a char32_t. Another thing to consider is an embedded NUL character, which is valid UTF8 but not valid in a TEXT value. Regards, Jeff Davis