Hi all,

pg_utf8_string_len() doesn't check the remaining string length before
calling pg_utf8_is_legal(), so there's a possibility of jumping a
couple of bytes past the end of the string. (The overread stops there,
because the function won't validate a sequence containing a null
byte.)

Here's a quick patch to fix it. I didn't see any other uses of
pg_utf8_is_legal() with missing length checks.

Thanks,
--Jacob

Attachment: pg_utf8_string_len-honor-null-terminators.patch
Description: Binary data
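
The missing check described in the message above, as an added example; it is not the attached patch and not PostgreSQL source. `seq_len`, `is_legal_seq`, `utf8_string_len`, `bytes_past_nul` and `SAMPLE` are hypothetical stand-ins, and the validator is simplified to continuation-byte checks so that the length handling is the only thing on show.

```c
#include <string.h>

/* Constructed input: 4-byte lead, then the terminator; 'X' padding keeps the demo's reads in bounds. */
const char SAMPLE[] = { (char) 0xF0, '\0', 'X', 'X', '\0' };
static const unsigned char *furthest;    /* last byte the validator was asked to cover */

static int seq_len(unsigned char c)      /* length implied by lead byte, 0 if invalid */
{
    if (c < 0x80) return 1;
    if ((c & 0xE0) == 0xC0) return 2;
    if ((c & 0xF0) == 0xE0) return 3;
    return (c & 0xF8) == 0xF0 ? 4 : 0;
}

/* Simplified stand-in validator: trusts len and checks continuation bytes, last byte first. */
static int is_legal_seq(const unsigned char *s, int len)
{
    furthest = s + len - 1;
    for (int i = len - 1; i >= 1; i--)
        if ((s[i] & 0xC0) != 0x80) return 0;   /* also rejects a NUL byte */
    return 1;
}

/* Count characters in a NUL-terminated string, -1 if invalid.
 * check_len=0 validates without a length check; check_len=1 checks first. */
int utf8_string_len(const char *str, int check_len)
{
    const unsigned char *s = (const unsigned char *) str;
    int n = 0;
    for (furthest = s; *s; n++) {
        int l = seq_len(*s);
        if (l == 0) return -1;
        for (int i = 1; check_len && i < l; i++)
            if (s[i] == '\0') return -1;       /* sequence runs into the terminator */
        if (!is_legal_seq(s, l)) return -1;
        s += l;
    }
    return n;
}

/* How many bytes beyond buf's terminator the most recent call handed to the validator. */
long bytes_past_nul(const char *buf)
{
    const unsigned char *nul = (const unsigned char *) buf + strlen(buf);
    return furthest > nul ? (long) (furthest - nul) : 0;
}
```

Both modes reject `SAMPLE`; the difference is that without the length check the validator is handed two bytes beyond the terminator, and with it the validator is never called on the truncated sequence.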
