rdelaage/postgresql
1
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-09-27 23:01:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
51,237 Commits 36 Branches 606 Tags 423 MiB
C 86%
PLpgSQL 5.5%
Perl 4.1%
Yacc 1.3%
Makefile 0.7%
Other 2.3%
377c25d322
Go to file
Michael Paquier 377c25d322 Fix overread in JSON parsing errors for incomplete byte sequences 
json_lex_string() relies on pg_encoding_mblen_bounded() to point to the
end of a JSON string when generating an error message, and the input it
uses is not guaranteed to be null-terminated.

It was possible to walk off the end of the input buffer by a few bytes
when the last bytes consist of an incomplete multi-byte sequence, as
token_terminator would point to a location defined by
pg_encoding_mblen_bounded() rather than the end of the input.  This
commit switches token_terminator so as the error uses data up to the
end of the JSON input.

More work should be done so as this code could rely on an equivalent of
report_invalid_encoding() so as incorrect byte sequences can show in
error messages in a readable form.  This requires work for at least two
cases in the JSON parsing API: an incomplete token and an invalid escape
sequence.  A more complete solution may be too invasive for a backpatch,
so this is left as a future improvement, taking care of the overread
first.

A test is added on HEAD as test_json_parser makes this issue
straight-forward to check.

Note that pg_encoding_mblen_bounded() no longer has any callers.  This
will be removed on HEAD with a separate commit, as this is proving to
encourage unsafe coding.

Author: Jacob Champion
Discussion: https://postgr.es/m/CAOYmi+ncM7pwLS3AnKCSmoqqtpjvA8wmCdoBtKA3ZrB2hZG6zA@mail.gmail.com
Backpatch-through: 13
2024-05-09 12:45:51 +09:00
config Log LLVM library version in configure output. 2023-10-22 14:32:31 +13:00
contrib Make postgres_fdw request remote time zone 'GMT' not 'UTC'. 2024-04-21 13:46:20 -04:00
doc Release notes for 16.3, 15.7, 14.12, 13.15, 12.19. 2024-05-05 13:31:09 -04:00
src Fix overread in JSON parsing errors for incomplete byte sequences 2024-05-09 12:45:51 +09:00
.dir-locals.el
.editorconfig
.git-blame-ignore-revs
.gitattributes
.gitignore Add portlock directory to .gitignore 2022-11-26 07:47:16 -05:00
aclocal.m4
configure Stamp 13.15. 2024-05-06 16:26:10 -04:00
configure.in Stamp 13.15. 2024-05-06 16:26:10 -04:00
COPYRIGHT Update copyright for 2024 2024-01-03 20:49:04 -05:00
GNUmakefile.in Remove temporary portlock directory during make [dist]clean. 2022-11-26 10:30:58 -05:00
HISTORY
Makefile
README
README.git

README 

PostgreSQL Database Management System
=====================================

This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces, many of which are listed here:

	https://www.postgresql.org/download/

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
https://www.postgresql.org/download/.  For more information look at our
web site located at https://www.postgresql.org/.