]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 305c5ed) | patch
Avoid possibly accessing off the end of memory in SJIS2004 conversion.
authorTom Lane <tgl@sss.pgh.pa.us>
Tue, 6 Sep 2011 18:50:28 +0000 (14:50 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Tue, 6 Sep 2011 18:51:12 +0000 (14:51 -0400)
commitb2658c348eeb12d4cf87c21e05ddb5d97e4f043b
treea911fd8171f513ade1be95885639b4e52ea5112atree | snapshot
parent305c5ed6d7fbadac07a100939c4545bd21416552commit | diff
Avoid possibly accessing off the end of memory in SJIS2004 conversion.

The code in shift_jis_20042euc_jis_2004() would fetch two bytes even when
only one remained in the string.  Since conversion functions aren't
supposed to assume null-terminated input, this poses a small risk of
fetching past the end of memory and incurring SIGSEGV.  No such crash has
been identified in the field, but we've certainly seen the equivalent
happen in other code paths, so patch this one all the way back.

Report and patch by Noah Misch.
src/backend/utils/mb/conversion_procs/euc_jis_2004_and_shift_jis_2004/euc_jis_2004_and_shift_jis_2004.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.