Hello,

I found wrong definitions of max bytes for a char in
EUC_CN (3->2), EUC_TW (3->4) and MULE_INTERNAL (3->4).

Especially, EUC_TW and MULE_INTERNAL might cause problems.
Their pg_*_mblen could have returned values larger than their maxmblen.
I'm worrying that it leads buffer overrun.


Index: src/backend/utils/mb/wchar.c
===================================================================
--- src/backend/utils/mb/wchar.c        (head)
+++ src/backend/utils/mb/wchar.c        (working copy)
@@ -1314,12 +1314,12 @@
 pg_wchar_tbl pg_wchar_table[] = {
        {pg_ascii2wchar_with_len, pg_ascii_mblen, pg_ascii_dsplen, 
pg_ascii_verifier, 1},       /* 0; PG_SQL_ASCII      */
        {pg_eucjp2wchar_with_len, pg_eucjp_mblen, pg_eucjp_dsplen, 
pg_eucjp_verifier, 3},       /* 1; PG_EUC_JP */
-       {pg_euccn2wchar_with_len, pg_euccn_mblen, pg_euccn_dsplen, 
pg_euccn_verifier, 3},       /* 2; PG_EUC_CN */
+       {pg_euccn2wchar_with_len, pg_euccn_mblen, pg_euccn_dsplen, 
pg_euccn_verifier, 2},       /* 2; PG_EUC_CN */
        {pg_euckr2wchar_with_len, pg_euckr_mblen, pg_euckr_dsplen, 
pg_euckr_verifier, 3},       /* 3; PG_EUC_KR */
-       {pg_euctw2wchar_with_len, pg_euctw_mblen, pg_euctw_dsplen, 
pg_euctw_verifier, 3},       /* 4; PG_EUC_TW */
+       {pg_euctw2wchar_with_len, pg_euctw_mblen, pg_euctw_dsplen, 
pg_euctw_verifier, 4},       /* 4; PG_EUC_TW */
        {pg_johab2wchar_with_len, pg_johab_mblen, pg_johab_dsplen, 
pg_johab_verifier, 3},       /* 5; PG_JOHAB */
        {pg_utf2wchar_with_len, pg_utf_mblen, pg_utf_dsplen, pg_utf8_verifier, 
4},      /* 6; PG_UTF8 */
-       {pg_mule2wchar_with_len, pg_mule_mblen, pg_mule_dsplen, 
pg_mule_verifier, 3},           /* 7; PG_MULE_INTERNAL */
+       {pg_mule2wchar_with_len, pg_mule_mblen, pg_mule_dsplen, 
pg_mule_verifier, 4},           /* 7; PG_MULE_INTERNAL */
        {pg_latin12wchar_with_len, pg_latin1_mblen, pg_latin1_dsplen, 
pg_latin1_verifier, 1},           /* 8; PG_LATIN1 */
        {pg_latin12wchar_with_len, pg_latin1_mblen, pg_latin1_dsplen, 
pg_latin1_verifier, 1},           /* 9; PG_LATIN2 */
        {pg_latin12wchar_with_len, pg_latin1_mblen, pg_latin1_dsplen, 
pg_latin1_verifier, 1},           /* 10; PG_LATIN3 */

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center


---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

Reply via email to