git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Wed, 24 Aug 2022 17:01:40 +0000 (13:01 -0400)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Wed, 24 Aug 2022 17:01:40 +0000 (13:01 -0400)
commit	599a487b093acb23ae1da7fe29eb0b6a4c26cc2c
tree	6f23dfb149f68aad6e91d86b134dc61ef1267a70	tree
parent	7951e0d7af98fabec9e9146b409b4c5636932d66	commit \| diff

Defend against stack overrun in a few more places.

SplitToVariants() in the ispell code, lseg_inside_poly() in geo_ops.c,
and regex_selectivity_sub() in selectivity estimation could recurse
until stack overflow; fix by adding check_stack_depth() calls.
So could next() in the regex compiler, but that case is better fixed by
converting its tail recursion to a loop. (We probably get better code
that way too, since next() can now be inlined into its sole caller.)

There remains a reachable stack overrun in the Turkish stemmer, but
we'll need some advice from the Snowball people about how to fix that.

Per report from Egor Chindyaskin and Alexander Lakhin. These mistakes
are old, so back-patch to all supported branches.

Richard Guo and Tom Lane

Discussion: https://postgr.es/m/1661334672.728714027@f473.i.mail.ru

src/backend/regex/regc_lex.c		diff \| blob \| blame \| history
src/backend/tsearch/spell.c		diff \| blob \| blame \| history
src/backend/utils/adt/geo_ops.c		diff \| blob \| blame \| history
src/backend/utils/adt/like_support.c		diff \| blob \| blame \| history