Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wcyLm-003nCb-16 for pgsql-hackers@arkaria.postgresql.org; Fri, 26 Jun 2026 04:39:34 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wcyLk-008lqQ-2f for pgsql-hackers@arkaria.postgresql.org; Fri, 26 Jun 2026 04:39:32 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wcyLk-008lqH-1m for pgsql-hackers@lists.postgresql.org; Fri, 26 Jun 2026 04:39:32 +0000 Received: from mail-pj1-x1029.google.com ([2607:f8b0:4864:20::1029]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wcyLg-00000000J74-0LE3 for pgsql-hackers@postgresql.org; Fri, 26 Jun 2026 04:39:31 +0000 Received: by mail-pj1-x1029.google.com with SMTP id 98e67ed59e1d1-37de8c6a2b6so404742a91.0 for ; Thu, 25 Jun 2026 21:39:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782448766; x=1783053566; darn=postgresql.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=vWMGdYbW1rXlbpPz1n0dTtGF5oEtKwsDBk534cZNwIw=; b=jFzRUGVGhBft6PMZ1lYSRso7fm6NyyO6okd2vwnqcSs8lFHNNOqkL7Ia3VwJzdcAVA s4KhyzFO87L5PAoxuwHNmKycBS7rgt/qO+sHMYPkIzjadQchSd9mqn5eBzCUCw4AkYuS t4jD7X/XqgN6FqLPLyM3Mk85iKsa+lvyYuFeEc6ALnlFlkQnMmIVycQhh6CQDLL5C1/T 3PTQKvoKi4mkmRIl0gHWzx8Hb4raaNkTBz/oBO1F1LlZGGV4zJ6PAqQwJC69zxz8mI48 0nHjgSs3fNpfwppNir57cCF2w1nfLIdETGfcer8v4VffGHadC2SopB9timkZWxkKBDqt /hUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782448766; x=1783053566; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=vWMGdYbW1rXlbpPz1n0dTtGF5oEtKwsDBk534cZNwIw=; b=ncCPv1I6tB35Lkk0c6r2iHP0purRM49xX5bAu1K+ab9pVobOjueJ3BVXzwxESP65ZU A5NJVwW2gFWwmwnSW87SIgkEmVpnOYgCRCHPUumiK8xDy+o4vDHVtwn8AHyIVTAfHWsV IsqM7cNHxvk/HxoNVO3AJ69+AKKPEex7jAWEtpR8LUawm1xZHa14wT3t8zepJnZDDI7x A95m6KKzi4bDouhgSVsGRobwmyeONEdQ7xmeUbNr4DBTpFNu7G4qKn1uB1Mg/vSo+jvM A2yNtT+w4EKorp36Vg6TtSOHzSYqNB2ciI2vnI3Cli7pZ/d6Aj1UkbNe72Ip3JYt4/Bj a8FA== X-Gm-Message-State: AOJu0YxeJ1L8QKUiE59XGMDVFa+fMfAyHGB/sqFdT6S33RAvYpr0qh0e SPj1kEfc1OQStj94StoOYa3Ox97DxEx7XTllCGS/RyPFFsoTgj9QRPpgsrN7Nw== X-Gm-Gg: AfdE7cl+DZ4vtWoeoGAHwV6b/hle3DbUW/EkUycI2W9B8givuGPMtKumPy82vZZkwMZ xEKrdfkZwR+hvzpC4S8AcTsuFp0r4iOaZNOJgMqfXyM0mHHYfKbvE2N+Lta9YfwFMUzTAb14Vym 3aLlH2Nto2B5ank+9gEtmkT4C0Q96Htx9cuQJqaTeescFjltdS9TyL0QxacI7PD4E7//en9ILqv WUGPWn1woLOeQMxjFUDRi3s03ksO09AZn7tK9ED0JuZKvVDAut1VnjobR696cngryit0/+3AM88 2ivypOxITikGzXVCTXDIa09C8Kgr5zqcVICgVD38JDZV6nSsvi6fwFXJcmyMayjNa3aAqvAeP5d +G1oiLJ2534n/573zgcq4HgqoL2vji+NgtU0vlI5NPSEu7BlUaKQyvI3LUn5HJxP6e4Z3yQulBh AN07QJlYHik4uUlWJg6ODY/g== X-Received: by 2002:a17:90b:1c8e:b0:36a:f612:e6a3 with SMTP id 98e67ed59e1d1-37dfa23176fmr5510045a91.17.1782448765754; Thu, 25 Jun 2026 21:39:25 -0700 (PDT) Received: from smtpclient.apple ([185.135.79.125]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-37e1277e41bsm233956a91.0.2026.06.25.21.39.23 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Jun 2026 21:39:24 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.600.51.1.1\)) Subject: Re: Small patch to improve safety of utf8_to_unicode(). From: Chao Li In-Reply-To: <0cedb517aee8b79b8e31a4e42885ed88c2a67c5f.camel@j-davis.com> Date: Fri, 26 Jun 2026 12:38:49 +0800 Cc: pgsql-hackers@postgresql.org Content-Transfer-Encoding: quoted-printable Message-Id: <16CAD4DB-9D4A-481A-BB4E-78775C4F4B2C@gmail.com> References: <541F240E-94AD-4D65-9794-7D6C316BC3FF@gmail.com> <313BCA0E-2E74-4EB6-9AA8-10DB7F439151@gmail.com> <592441c1d871a4ed0ac1708e132f447caa35869c.camel@j-davis.com> <3058CAA1-40E0-4098-893B-615F77CD35E1@gmail.com> <0cedb517aee8b79b8e31a4e42885ed88c2a67c5f.camel@j-davis.com> To: Jeff Davis X-Mailer: Apple Mail (2.3864.600.51.1.1) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On Jun 26, 2026, at 01:38, Jeff Davis wrote: >=20 > On Thu, 2026-06-25 at 12:10 +0800, Chao Li wrote: >> This uses the second byte, \x20, without validating. So it looks like >> the patch prevents reading past the end of the string, but it may not >> fully defend against invalid UTF-8 sequences. >=20 > Correct. We don't do full UTF8 validation until the last patch in the > series, which is not being backported. >=20 Sounds like 0001 will be back patched. In that case, the commit message = "defend against invalid UTF8=E2=80=9D seems too broad. Does it make = sense to add some brief description about the defend behavior to the = function header comment and the commit message? Then I continue to review 0002-0005: 0002 - overall looks good. A small comment is: ``` + for (int i =3D offset; i > 0;) + for (int i =3D offset + ulen; i < len;) ``` As offset is of type size_t, the loop variable i is better to be size_t. 0003 - looks good. 0004 - looks good. This commit introduces a new helper utf8decode() that = will resolve my previous concern on 0001. 0005 - Mostly looks good. This commit applies the new help and my = previous concern is resolved. But from what you talked, I guess 0004 and = 0005 will only be pushed to HEAD. Just one tiny comment on 0005: ``` + /* invalid UTF8: surrogates */ + needed =3D unicode_strfold(NULL, 0, "abc\xED\xA0\x81xyz", 7, = &consumed, false); + Assert(needed =3D=3D 3 && consumed =3D=3D 3); ``` This test passes a 10-char string but uses 7 as srclen. I know that = doesn=E2=80=99t affect the test result, but it just adds unnecessary = confusion to readers. So maybe change 7 to 10 to reflect to the real = string length. Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/