- Notifications
You must be signed in to change notification settings - Fork5
Commit623f77e
committed
Avoid possibly accessing off the end of memory in SJIS2004 conversion.
The code in shift_jis_20042euc_jis_2004() would fetch two bytes even whenonly one remained in the string. Since conversion functions aren'tsupposed to assume null-terminated input, this poses a small risk offetching past the end of memory and incurring SIGSEGV. No such crash hasbeen identified in the field, but we've certainly seen the equivalenthappen in other code paths, so patch this one all the way back.Report and patch by Noah Misch.1 parent780a342 commit623f77e
File tree
1 file changed
+4
-4
lines changed- src/backend/utils/mb/conversion_procs/euc2004_sjis2004
1 file changed
+4
-4
lines changedLines changed: 4 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
218 | 218 | | |
219 | 219 | | |
220 | 220 | | |
221 | | - | |
222 | | - | |
| 221 | + | |
223 | 222 | | |
224 | 223 | | |
225 | 224 | | |
| |||
229 | 228 | | |
230 | 229 | | |
231 | 230 | | |
232 | | - | |
233 | 231 | | |
234 | 232 | | |
235 | 233 | | |
| |||
245 | 243 | | |
246 | 244 | | |
247 | 245 | | |
248 | | - | |
| 246 | + | |
249 | 247 | | |
250 | 248 | | |
251 | 249 | | |
| |||
257 | 255 | | |
258 | 256 | | |
259 | 257 | | |
| 258 | + | |
| 259 | + | |
260 | 260 | | |
261 | 261 | | |
262 | 262 | | |
| |||
0 commit comments
Comments
(0)