Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wVGDt-001pXF-38 for pgsql-hackers@arkaria.postgresql.org; Thu, 04 Jun 2026 22:07:34 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wVGDs-008txW-2A for pgsql-hackers@arkaria.postgresql.org; Thu, 04 Jun 2026 22:07:32 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wVGDs-008txO-0p for pgsql-hackers@lists.postgresql.org; Thu, 04 Jun 2026 22:07:32 +0000 Received: from mail-dy1-x1335.google.com ([2607:f8b0:4864:20::1335]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wVGDp-00000001JLS-2teS for pgsql-hackers@postgresql.org; Thu, 04 Jun 2026 22:07:31 +0000 Received: by mail-dy1-x1335.google.com with SMTP id 5a478bee46e88-304e83724bfso1504466eec.0 for ; Thu, 04 Jun 2026 15:07:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=j-davis-com.20251104.gappssmtp.com; s=20251104; t=1780610847; x=1781215647; darn=postgresql.org; h=mime-version:user-agent:date:to:from:subject:message-id:from:to:cc :subject:date:message-id:reply-to; bh=64ePaM2k2Dgm2t2A7TSe2+ANEKGEI6XlgLnxyeANNCo=; b=BQW+8ZhuYROF1WvXq/Bz7Go10JaPuKMtr+wbR1TQq8UyooboAIBBVjRa0GCT8RKfsN gIrPWxTRbPtEUcX7cNRhoiUVQ8J5QpNxps+NHiL9hfJem0JRn5sM+3EM9NqbBMbxwaxa LtkJyhNGklu5QoMjhHTfThltjIyGH8VuH3ZoiRpfxwzPSAtuCkCebloFL6pqbfEZ0BL0 snMoIbutQ8gRdRDj4/D5gAq1GwvgrOKqY2GhEcibCn1myFQAyBxmoVGo3YHQuZoU84OD pLbOm+E0KvIxeTYT8yDA7E957W1CCOgMBHKpAi/bT2uE40deP6MU5XrTa6KrdW7gDfEJ 1WZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780610847; x=1781215647; h=mime-version:user-agent:date:to:from:subject:message-id:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=64ePaM2k2Dgm2t2A7TSe2+ANEKGEI6XlgLnxyeANNCo=; b=D/pQW7MFUjMiAwQiS7pkbbzmfV5hx++PlEcMZgD1ik/d5aFMRj/++lnxQr6QY6V9tF HVM+fiQdJAsRk0SOvRDQW7Ftjw2K689Gw+/7EYMp9mv4PK5Kt+VLjFHy0wEb3Vu7JTr5 UfmEvMzGUFrYDGr9za+bXjQszYStQP0+eUWCmCIE65SdmfNh9NVd4Yqj4P0OMHMjJwH3 r2DfNHu6HfAUmsHwKiRyUd07+o0biWwn/loIHa/Vncipx0apnH8m+Q4BVPYa/YU3NGnu Gxzz8TiyfgvShpNfTxJCJTsJMYpOCdiQcXklYjYxOTyBk75awv+kqK5UnC5ZTNVFKbdO FZRg== X-Gm-Message-State: AOJu0Yw2kxBFXYvJ0eWRxsOzTxY2bBMNe+CszJZLwGWW4YAX/hUlCFpY VkxX40Xh6bzm1vleY9q/Do3KtwGI5Up5Z09mUvQvKTKHNW+xQn8SXnNPKfqX1itHCltNizLCOxt ND3E= X-Gm-Gg: Acq92OH5Nmn1EAlK6AtvXNt0hMMPHuyMQ/Gax7051TdZm2O9s+kQTpa85XUmirn73rk 1LVpaEpbsrDZyYGd9b0oWm9lcxUb7Gpi2083QsvCfEo0MH51WxNcgVTR97prKHYIVsybqe8oW+3 ORPVHSs3VwdBzyH2sUbL+xt/3P5tEy0H4VvvJHOKkuIJ4qJf+8XdxeX/NgjHceO+OC8IhYOUacw qvaGJ+koz1ohJwYBZDj9JSExLI64G0WXIIod7DR/EPRfli0JYg3DBWPthQMyk/Lia1+A/3bJw0x IPd2BQ6MagIv5EO2ML1yZeaDqMbrPtBdDLDhV4ZXXR6dCipyRlCUU9CrtcaZDtoIHtEw0KyfKTf UqIhPVfdK6736buJZ3kGSSu/HCWphSlEEeqT2G3WrHw2gXeSBr3Q54LXxseKoCUbqrX5uZE28Fo vPpC/vRyeQYxEboK5/tQCoTsvsurlbze1mJA== X-Received: by 2002:a05:7301:292e:b0:2ed:e14:7f54 with SMTP id 5a478bee46e88-3077b79be38mr247267eec.30.1780610846974; Thu, 04 Jun 2026 15:07:26 -0700 (PDT) Received: from [10.10.245.117] ([50.175.226.11]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-3074dea8708sm6174324eec.15.2026.06.04.15.07.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jun 2026 15:07:26 -0700 (PDT) Message-ID: <1101e1a3afbbabb503317069c40374b82e6f4cac.camel@j-davis.com> Subject: dict_synonym.c: fix truncation of multibyte sequence From: Jeff Davis To: pgsql-hackers@postgresql.org Date: Thu, 04 Jun 2026 15:07:25 -0700 Content-Type: multipart/mixed; boundary="=-1fwzXwdiT4l1FrpwRCpb" User-Agent: Evolution 3.52.3-0ubuntu1.1 MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --=-1fwzXwdiT4l1FrpwRCpb Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable If case_sensitive is false and str_tolower() changes the byte length of the string, then outlen will be incorrect. Fortunately, pnstrdup() also stops at a NUL terminator, so it will never overrun; but if outlen is calculated to be too small, then it could cause truncation. In any case, the input comes from a trusted source (dictionary configuration), so it's not very serious. The correct value of outlen is strlen(d->syn[cur].out). But it's only ever used in one place, which is a call to pnstrdup(). Given that the string is NUL-terminated anyway, it's easier to fix it by just changing that to a pstrdup(). Patch attached, backpatch all the way. Regards, Jeff Davis --=-1fwzXwdiT4l1FrpwRCpb Content-Disposition: attachment; filename="v1-0001-dict_synonym.c-remove-incorrect-outlen.patch" Content-Type: text/x-patch; name="v1-0001-dict_synonym.c-remove-incorrect-outlen.patch"; charset="UTF-8" Content-Transfer-Encoding: base64 RnJvbSBjYzM5NWZjYTY4MTAwZDhiZDM1NGVkYWIyZWU5MzI1MTI4NWM5NDNhIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBKZWZmIERhdmlzIDxqZWZmQGotZGF2aXMuY29tPgpEYXRlOiBX ZWQsIDE1IEFwciAyMDI2IDEyOjU2OjMxIC0wNzAwClN1YmplY3Q6IFtQQVRDSCB2MV0gZGljdF9z eW5vbnltLmM6IHJlbW92ZSBpbmNvcnJlY3Qgb3V0bGVuLgoKUHJldmlvdXNseSwgb3V0bGVuIHdh cyBtaXNjYWxjdWxhdGVkIGlmIGNhc2Vfc2Vuc2l0aXZlIHdhcyBmYWxzZSBhbmQKc3RyX3RvbG93 ZXIoKSBjaGFuZ2VkIHRoZSBieXRlIGxlbmd0aCBvZiB0aGUgc3RyaW5nLiBJZiBvdXRsZW4gd2Fz IHRvbwpsYXJnZSwgcG5zdHJkdXAoKSB3b3VsZCBzdG9wIGF0IHRoZSBOVUwgdGVybWluYXRvciwg cHJldmVudGluZwpvdmVycnVuLiBCdXQgaWYgb3V0bGVuIHdhcyB0b28gc21hbGwsIGl0IHdvdWxk IGNhdXNlIHRydW5jYXRpb24sCnBvc3NpYmx5IGluIHRoZSBtaWRkbGUgb2YgYSBtdWx0aWJ5dGUg c2VxdWVuY2UuCgpGaXggYnkganVzdCByZW1vdmluZyBvdXRsZW4uIEJvdGggc3RyaW5ncyBhcmUg TlVMLXRlcm1pbmF0ZWQgYW55d2F5LgoKQmFja3BhdGNoLXRocm91Z2g6IDE0Ci0tLQogc3JjL2Jh Y2tlbmQvdHNlYXJjaC9kaWN0X3N5bm9ueW0uYyB8IDQgKy0tLQogMSBmaWxlIGNoYW5nZWQsIDEg aW5zZXJ0aW9uKCspLCAzIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL3NyYy9iYWNrZW5kL3Rz ZWFyY2gvZGljdF9zeW5vbnltLmMgYi9zcmMvYmFja2VuZC90c2VhcmNoL2RpY3Rfc3lub255bS5j CmluZGV4IDM5MzdmMjViY2M2Li4yNDM0NTc2NzY1OCAxMDA2NDQKLS0tIGEvc3JjL2JhY2tlbmQv dHNlYXJjaC9kaWN0X3N5bm9ueW0uYworKysgYi9zcmMvYmFja2VuZC90c2VhcmNoL2RpY3Rfc3lu b255bS5jCkBAIC0yNCw3ICsyNCw2IEBAIHR5cGVkZWYgc3RydWN0CiB7CiAJY2hhcgkgICAqaW47 CiAJY2hhcgkgICAqb3V0OwotCWludAkJCW91dGxlbjsKIAl1aW50MTYJCWZsYWdzOwogfSBTeW47 CiAKQEAgLTE4OSw3ICsxODgsNiBAQCBkc3lub255bV9pbml0KFBHX0ZVTkNUSU9OX0FSR1MpCiAJ CQlkLT5zeW5bY3VyXS5vdXQgPSBzdHJfdG9sb3dlcihzdGFydG8sIHN0cmxlbihzdGFydG8pLCBE RUZBVUxUX0NPTExBVElPTl9PSUQpOwogCQl9CiAKLQkJZC0+c3luW2N1cl0ub3V0bGVuID0gc3Ry bGVuKHN0YXJ0byk7CiAJCWQtPnN5bltjdXJdLmZsYWdzID0gZmxhZ3M7CiAKIAkJY3VyKys7CkBA IC0yMzcsNyArMjM1LDcgQEAgZHN5bm9ueW1fbGV4aXplKFBHX0ZVTkNUSU9OX0FSR1MpCiAJCVBH X1JFVFVSTl9QT0lOVEVSKE5VTEwpOwogCiAJcmVzID0gcGFsbG9jMF9hcnJheShUU0xleGVtZSwg Mik7Ci0JcmVzWzBdLmxleGVtZSA9IHBuc3RyZHVwKGZvdW5kLT5vdXQsIGZvdW5kLT5vdXRsZW4p OworCXJlc1swXS5sZXhlbWUgPSBwc3RyZHVwKGZvdW5kLT5vdXQpOwogCXJlc1swXS5mbGFncyA9 IGZvdW5kLT5mbGFnczsKIAogCVBHX1JFVFVSTl9QT0lOVEVSKHJlcyk7Ci0tIAoyLjQzLjAKCg== --=-1fwzXwdiT4l1FrpwRCpb--