Commit 098c134

Fix buffer overrun in unicode string normalization with empty input

PostgreSQL 13 and newer versions are directly impacted by that through the SQL function normalize(), which would cause a call of this function to write one byte past its allocation if using in input an empty string after recomposing the string with NFC and NFKC. Older versions (v10~v12) are not directly affected by this problem as the only code path using normalization is SASLprep in SCRAM authentication that forbids the case of an empty string, but let's make the code more robust anyway there so as any out-of-core callers of this function are covered.

The solution chosen to fix this issue is simple, with the addition of a fast-exit path if the decomposed string is found as empty. This would only happen for an empty string as at its lowest level a codepoint would be decomposed as itself if it has no entry in the decomposition table or if it has a decomposition size of 0.

Some tests are added to cover this issue in v13~. Note that an empty string has always been considered as normalized (grammar "IS NF[K]{C,D} NORMALIZED", through the SQL function is_normalized()) for all the operations allowed (NFC, NFD, NFKC and NFKD) since this feature has been introduced as of 2991ac5. This behavior is unchanged but some tests are added in v13~ to check after that.

I have also checked "make normalization-check" in src/common/unicode/, while on it (works in 13~, and breaks in older stable branches independently of this commit).

The release notes should just mention this commit for v13~.

Reported-by: Matthijs van der Vleuten
Discussion: https://postgr.es/m/17277-0c527a373794e802@postgresql.org
Backpatch-through: 10

1 parent 9ff47ea commit 098c134

3 files changed

+17
-3
lines changed

‎src/common/unicode_norm.c

Lines changed: 4 additions & 0 deletions
@@ -439,6 +439,10 @@ unicode_normalize(UnicodeNormalizationForm form, const pg_wchar *input)
439439
decomp_chars[decomp_size]='\0';
440440
Assert(decomp_size==current_size);
441441

442+
/* Leave if there is nothing to decompose */
443+
if (decomp_size==0)
444+
returndecomp_chars;
445+
442446
/*
443447
* Now apply canonical ordering.
444448
*/
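
Review bot: the comment on the new `if (decomp_size==0)` branch says "nothing to decompose", but the check runs after decomposition has already finished, and it does not say why the early return matters. Per the commit message, recomposing an empty string with NFC or NFKC wrote one byte past its allocation; a comment that states this (for example "an empty input decomposes to an empty string; return it here, as recomposing it would overrun the result buffer") would keep a later refactor from dropping the guard. The returned buffer itself is a valid empty string for every form, since `decomp_chars[decomp_size]='\0'` just above has already terminated it.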

‎src/test/regress/expected/unicode.out

Lines changed: 10 additions & 2 deletions
@@ -8,6 +8,12 @@ SELECT U&'\0061\0308bc' <> U&'\00E4bc' COLLATE "C" AS sanity_check;
88
t
99
(1 row)
1010

11+
SELECT normalize('');
12+
normalize
13+
-----------
14+
15+
(1 row)
16+
1117
SELECT normalize(U&'\0061\0308\24D1c') = U&'\00E4\24D1c' COLLATE "C" AS test_default;
1218
test_default
1319
--------------
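
Review bot: the expected output for the added `SELECT normalize('');` is a single blank result line, which is easy to lose to whitespace cleanup and gives a reader of the expected file nothing to match on. The neighbouring statements compare against a literal and alias the boolean (`... AS test_default`); the same shape would work here, for example `SELECT normalize('') = '' COLLATE "C" AS test_empty;` (alias name is only a suggestion), so the expected file shows `t`.
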
@@ -67,15 +73,17 @@ FROM
6773
(VALUES (1, U&'\00E4bc'),
6874
(2, U&'\0061\0308bc'),
6975
(3, U&'\00E4\24D1c'),
70-
(4, U&'\0061\0308\24D1c')) vals (num, val)
76+
(4, U&'\0061\0308\24D1c'),
77+
(5, '')) vals (num, val)
7178
ORDER BY num;
7279
num | val | nfc | nfd | nfkc | nfkd
7380
-----+-----+-----+-----+------+------
7481
1 | äbc | t | f | t | f
7582
2 | äbc | f | t | f | t
7683
3 | äⓑc | t | f | f | f
7784
4 | äⓑc | f | t | f | f
78-
(4 rows)
85+
5 | | t | t | t | t
86+
(5 rows)
7987

8088
SELECT is_normalized('abc', 'def'); -- run-time error
8189
ERROR: invalid normalization form: def

‎src/test/regress/sql/unicode.sql

Lines changed: 3 additions & 1 deletion
@@ -5,6 +5,7 @@ SELECT getdatabaseencoding() <> 'UTF8' AS skip_test \gset
55

66
SELECT U&'\0061\0308bc'<> U&'\00E4bc' COLLATE"C"AS sanity_check;
77

8+
SELECT normalize('');
89
SELECT normalize(U&'\0061\0308\24D1c')= U&'\00E4\24D1c' COLLATE"C"AS test_default;
910
SELECT normalize(U&'\0061\0308\24D1c', NFC)= U&'\00E4\24D1c' COLLATE"C"AS test_nfc;
1011
SELECT normalize(U&'\00E4bc', NFC)= U&'\00E4bc' COLLATE"C"AS test_nfc_idem;
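
Review bot: the added `SELECT normalize('');` exercises only the default form, while the commit message names both NFC and NFKC as the recomposing forms that overran the allocation. Add an explicit `normalize('', NFKC)` call, and ideally one per form, using the `normalize(..., NFC)` syntax of the statements right below, so the regression is pinned for both affected forms and not just the default.
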
@@ -26,7 +27,8 @@ FROM
2627
(VALUES (1, U&'\00E4bc'),
2728
(2, U&'\0061\0308bc'),
2829
(3, U&'\00E4\24D1c'),
29-
(4, U&'\0061\0308\24D1c')) vals (num, val)
30+
(4, U&'\0061\0308\24D1c'),
31+
(5,'')) vals (num, val)
3032
ORDER BY num;
3133

3234
SELECT is_normalized('abc','def');-- run-time error
