Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wVWvn-0021jZ-1w for pgsql-hackers@arkaria.postgresql.org; Fri, 05 Jun 2026 15:57:59 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wVWvm-00DES4-19 for pgsql-hackers@arkaria.postgresql.org; Fri, 05 Jun 2026 15:57:58 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wVWvl-00DERu-1d for pgsql-hackers@lists.postgresql.org; Fri, 05 Jun 2026 15:57:58 +0000 Received: from fout-a4-smtp.messagingengine.com ([103.168.172.147]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wVWvj-00000001GHi-0we6 for pgsql-hackers@postgresql.org; Fri, 05 Jun 2026 15:57:56 +0000 Received: from phl-compute-05.internal (phl-compute-05.internal [10.202.2.45]) by mailfout.phl.internal (Postfix) with ESMTP id A78B4EC01EC; Fri, 5 Jun 2026 11:57:53 -0400 (EDT) Received: from phl-imap-15 ([10.202.2.104]) by phl-compute-05.internal (MEProxy); Fri, 05 Jun 2026 11:57:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=partin.io; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1780675073; x=1780761473; bh=4DHUvpFr2mmSG6EQW47I4YIk+oRPwTzt0V9M3CMZsTc=; b= V/rm7iaSKZWD1uFEwhkZFVpocGY6h/YZLF/ayUbtXGs4odGhTYhcZjtCU26/Im/d WVHWJf8hiyJqmXJde4sNBHhTUtE5Mw/TPcCDj/5EAJOUDEIaRi+FTUX+MmO+eiyX lmAPBxxYRtO7NQ1n2/5xTJrkhp3F58w1T9P+SM0lQ1qEL5NeBdy9358TPjbeaqNo f25aeH6nfT270Yqq8+a3JNjd9frt0Soj94tuyeRfQEK3IEbFEWLpa448oy4fiv00 Zit/gJbsoFGPYqOisyMswZkJk9fOK9k+jPF92ejuQlAGhjx7c/JrNjFdU2xPL+eM jI74KExHdapUJgU/B0Skkw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1780675073; x= 1780761473; bh=4DHUvpFr2mmSG6EQW47I4YIk+oRPwTzt0V9M3CMZsTc=; b=f S/NmkM5JRP42DggCvQgf/M48iXst7ShrBtUjKuy4g9Qbvi1E+qeMEaoxIDblMMtw M9WvZaD3zBWax0YMr4j99g8yYfaMn0XYz9TDPBGe/gUe8EknC4cCdg0Tte0y/aZB wIo+PwsReoQBMNvE6fvApv1OowNukPXwJ0JckpBm4qqbrE/kh7vmpyhHRzev7Hgo 1E4DvVszb6zCx+5WhqqgXWm7MQhuW4piVhIJ0VPkzT5twoI4Pcbh/qU6v0Q5u1S3 FgO46+4+33bUc+64Xs60A9w2BpvHFArfUXWiyLDwCgqYiwbJqhYQC2I8CkGB9aXm xAptZd5LHAeayKPDMCrKA== X-ME-Sender: X-ME-Proxy-Cause: dmFkZTFvAmVWTe5IVgU72jus6yg4BJIpdWEPZ1OYescrJuoGpR0bINtI4W21Ck+xfLyHe6 jo9fDhyQJAzHtdslyAdTu1+i/pZUjyaQ+FKXqRNalsV4hcHM0iiW1uhEPOZvp4OmTp9ozI 4S/Ayymr944LXA9nDioFa811zh+URLHDw6siL3O4dg+jqn6CZDeKT5YxdPLFC2ombkk4My NETbAvmaRGZ7qrFOQxCbTY1P6itIjcZifodR6AfAN6ttRJHX1b09nsnW9meM2s/nBqdRO/ j+JVhRggEHM2X5iwu7HELcIT54PTzbkAaaJTi+8DcYJglmCwdBvD0Z/XohnLuNIIqDCGhm kOYVHqOy0+HNbFm5tkKXDhcqbuPtzbTeLhwDi/X19Ojx/6Z8OsEYJDdzCxpMjKDXcAPkof CbzajGsSWCC7pZPB7vadmG4mSt3/rGmM8JkuLpg4CVinkv5MFu7gsQKAipKyMyLgLWIpRF 3uV1uIQIBZrmZwxn+tNs5Tvvd3gVFrEh8cF96YyjYx2q6Cdk2RVeLbX6uyXnGuuPZTZdC4 mXWMN7p7jD7lMh5SMF9tmoU5+3FHlT6068FYtGBSszjjhM1ap79bbKAYMbJOB5D7ZkMWfJ SrmqYBMs4zfcSxV6oVJOb+yLXOSAWAF/qxCcu98h985dZLx2IzDD3LukXhNQ X-ME-Proxy: Feedback-ID: idd01497b:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id 5F32A780075; Fri, 5 Jun 2026 11:57:53 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Fri, 05 Jun 2026 15:57:53 +0000 Message-Id: Cc: "pgsql-hackers" Subject: Re: dict_synonym.c: fix truncation of multibyte sequence To: "Jeff Davis" From: "Tristan Partin" X-Mailer: aerc 0.21.0 References: <1101e1a3afbbabb503317069c40374b82e6f4cac.camel@j-davis.com> In-Reply-To: <1101e1a3afbbabb503317069c40374b82e6f4cac.camel@j-davis.com> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu Jun 4, 2026 at 10:07 PM UTC, Jeff Davis wrote: > > If case_sensitive is false and str_tolower() changes the byte length of > the string, then outlen will be incorrect. > > Fortunately, pnstrdup() also stops at a NUL terminator, so it will > never overrun; but if outlen is calculated to be too small, then it > could cause truncation. In any case, the input comes from a trusted > source (dictionary configuration), so it's not very serious. > > The correct value of outlen is strlen(d->syn[cur].out). But it's only > ever used in one place, which is a call to pnstrdup(). Given that the > string is NUL-terminated anyway, it's easier to fix it by just changing > that to a pstrdup(). Patch attached, backpatch all the way. The fix looks and sounds good. Do we have any way to test this, so it=20 doesn't regress in the future? Do we need to export a module to test=20 through SQL? --=20 Tristan Partin PostgreSQL Contributors Team AWS (https://aws.amazon.com)