git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Mon, 11 May 2026 12:13:47 +0000 (05:13 -0700)
committer	Noah Misch <noah@leadboat.com>
	Mon, 11 May 2026 12:13:47 +0000 (05:13 -0700)
commit	b2869ebc43bd0ce7c0e73a15730d77644aebaf8e
tree	5aa40cb0623c4804c3d66142b879a7d898a2f13b	tree \| snapshot
parent	a1063eecedf379de5dad73f9bd6e856ad5c114fb	commit \| diff

Fix integer-overflow and alignment hazards in locale-related code.

pg_locale_icu.c was full of places where a very long input string
could cause integer overflow while calculating a buffer size,
leading to buffer overruns.

It also was cavalier about using char-type local arrays as buffers
holding arrays of UChar. The alignment of a char[] variable isn't
guaranteed, so that this risked failure on alignment-picky platforms.
The lack of complaints suggests that such platforms are very rare
nowadays; but it's likely that we are paying a performance price on
rather more platforms. Declare those arrays as UChar[] instead,
keeping their physical size the same.

pg_locale_libc.c's strncoll_libc_win32_utf8() also had the
disease of assuming it could double or quadruple the input
string length without concern for overflow.

Reported-by: Xint Code
Reported-by: Pavel Kohout <pavel.kohout@aisle.com>
Author: Tom Lane <tgl@sss.pgh.pa.us>
Backpatch-through: 14
Security: CVE-2026-6473

src/backend/utils/adt/pg_locale_icu.c		diff \| blob \| blame \| history
src/backend/utils/adt/pg_locale_libc.c		diff \| blob \| blame \| history