forked frompostgres/postgres
- Notifications
You must be signed in to change notification settings - Fork6
Commit098c134
committed
Fix buffer overrun in unicode string normalization with empty input
PostgreSQL 13 and newer versions are directly impacted by that throughthe SQL function normalize(), which would cause a call of this functionto write one byte past its allocation if using in input an emptystring after recomposing the string with NFC and NFKC. Older versions(v10~v12) are not directly affected by this problem as the only codepath using normalization is SASLprep in SCRAM authentication thatforbids the case of an empty string, but let's make the code more robustanyway there so as any out-of-core callers of this function are covered.The solution chosen to fix this issue is simple, with the addition of afast-exit path if the decomposed string is found as empty. This wouldonly happen for an empty string as at its lowest level a codepoint wouldbe decomposed as itself if it has no entry in the decomposition table orif it has a decomposition size of 0.Some tests are added to cover this issue in v13~. Note that an emptystring has always been considered as normalized (grammar "IS NF[K]{C,D}NORMALIZED", through the SQL function is_normalized()) for all theoperations allowed (NFC, NFD, NFKC and NFKD) since this feature has beenintroduced as of2991ac5. This behavior is unchanged but some tests areadded in v13~ to check after that.I have also checked "make normalization-check" in src/common/unicode/,while on it (works in 13~, and breaks in older stable branchesindependently of this commit).The release notes should just mention this commit for v13~.Reported-by: Matthijs van der VleutenDiscussion:https://postgr.es/m/17277-0c527a373794e802@postgresql.orgBackpatch-through: 101 parent9ff47ea commit098c134
File tree
3 files changed
+17
-3
lines changed- src
- common
- test/regress
- expected
- sql
3 files changed
+17
-3
lines changedLines changed: 4 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
439 | 439 | | |
440 | 440 | | |
441 | 441 | | |
| 442 | + | |
| 443 | + | |
| 444 | + | |
| 445 | + | |
442 | 446 | | |
443 | 447 | | |
444 | 448 | | |
| |||
Lines changed: 10 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
11 | 17 | | |
12 | 18 | | |
13 | 19 | | |
| |||
67 | 73 | | |
68 | 74 | | |
69 | 75 | | |
70 | | - | |
| 76 | + | |
| 77 | + | |
71 | 78 | | |
72 | 79 | | |
73 | 80 | | |
74 | 81 | | |
75 | 82 | | |
76 | 83 | | |
77 | 84 | | |
78 | | - | |
| 85 | + | |
| 86 | + | |
79 | 87 | | |
80 | 88 | | |
81 | 89 | | |
Lines changed: 3 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
| 8 | + | |
8 | 9 | | |
9 | 10 | | |
10 | 11 | | |
| |||
26 | 27 | | |
27 | 28 | | |
28 | 29 | | |
29 | | - | |
| 30 | + | |
| 31 | + | |
30 | 32 | | |
31 | 33 | | |
32 | 34 | | |
0 commit comments
Comments
(0)