From: Robert Haas <rhaas@postgresql.org>
Date: Fri, 29 May 2026 17:25:20 +0000 (-0400)
Subject: pg_stash_advice: Reject overlong stash names in dump file.
X-Git-Tag: REL_19_BETA1~21
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=878839bafe259e6df355e7adc5a040a1541b63b8;p=thirdparty%2Fpostgresql.git

pg_stash_advice: Reject overlong stash names in dump file.

Otherwise, the server will crash. This can only happen if the dump
file has been corrupted or manually altered, but we should still
defend against it.

Reported-by: Ayush Tiwari <ayushtiwari.slg01@gmail.com>
Co-authored-by: Ayush Tiwari <ayushtiwari.slg01@gmail.com>
Co-authored-by: Robert Haas <rhaas@postgresql.org>
Discussion: http://postgr.es/m/CAJTYsWWYhcEx1YqC=B331-Df9EpD8MxzwswWL0okz9LLCUUpBA@mail.gmail.com
---

diff --git a/contrib/pg_stash_advice/stashpersist.c b/contrib/pg_stash_advice/stashpersist.c
index 008f8d25b48..5bdf4bddaae 100644
--- a/contrib/pg_stash_advice/stashpersist.c
+++ b/contrib/pg_stash_advice/stashpersist.c
@@ -374,6 +374,13 @@ pgsa_read_from_disk(void)
 						 errmsg("syntax error in file \"%s\" line %u: expected end of line",
 								PGSA_DUMP_FILE, lineno)));
 
+			/* Reject overlong stash names. */
+			if (strlen(name) >= NAMEDATALEN)
+				ereport(ERROR,
+						(errcode(ERRCODE_DATA_CORRUPTED),
+						 errmsg("syntax error in file \"%s\" line %u: stash name too long",
+								PGSA_DUMP_FILE, lineno)));
+
 			/* Duplicate check. */
 			(void) pgsa_saved_stash_table_insert(saved_stashes, name, &found);
 			if (found)