- Notifications
You must be signed in to change notification settings - Fork4.9k
Commite757080
committed
Make pg_regexec() robust against out-of-range search_start.
If search_start is greater than the length of the string, we should justreturn REG_NOMATCH immediately. (Note that the equality case should*not* be rejected, since the pattern might be able to match zerocharacters.) This guards various internal assumptions that the min of arange of string positions is not more than the max. Violation of thoseassumptions could allow an attempt to fetch string[search_start-1],possibly causing a crash.Jaime Casanova pointed out that this situation is reachable with thenew regexp_xxx functions that accept a user-specified start position.I don't believe it's reachable via any in-core call site in v14 andbelow. However, extensions could possibly call pg_regexec with anout-of-range search_start, so let's back-patch the fix anyway.Discussion:https://postgr.es/m/20210911180357.GA6870@ahch-to1 parentc1b7a6c commite757080
1 file changed
+2
-0
lines changedLines changed: 2 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
200 | 200 | | |
201 | 201 | | |
202 | 202 | | |
| 203 | + | |
| 204 | + | |
203 | 205 | | |
204 | 206 | | |
205 | 207 | | |
| |||
0 commit comments
Comments
(0)