> On 9 Sep 2024, at 17:29, Jacob Champion <jacob.champ...@enterprisedb.com> wrote:

> pg_utf8_string_len() doesn't check the remaining string length before
> calling pg_utf8_is_legal(), so there's a possibility of jumping a
> couple of bytes past the end of the string. (The overread stops there,
> because the function won't validate a sequence containing a null
> byte.)
>
> Here's a quick patch to fix it. I didn't see any other uses of
> pg_utf8_is_legal() with missing length checks.

Just to make sure I understand, this is for guarding against overreads in
validation of strings containing torn MB characters? Assuming I didn't
misunderstand you this patch seems correct to me.

--
Daniel Gustafsson
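
An added illustration of the length check discussed in this thread (not code from the thread, the patch, or PostgreSQL; `seq_len`, `seq_is_legal`, `utf8_count_chars` and `sample` are hypothetical names). The counter compares the sequence length implied by the lead byte with the bytes remaining before it validates, so a multibyte character torn at the end of the buffer is rejected without reading past it.

```c
#include <stddef.h>

/* Sequence length implied by the lead byte; 0 if it cannot start a sequence. */
static size_t seq_len(unsigned char b)
{
    if (b < 0x80) return 1;
    if (b >= 0xC2 && b <= 0xDF) return 2;
    if (b >= 0xE0 && b <= 0xEF) return 3;
    if (b >= 0xF0 && b <= 0xF4) return 4;
    return 0;
}

/* Validates n bytes at s. Reads s[0..n-1], so the caller must own them all. */
static int seq_is_legal(const unsigned char *s, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if ((s[i] & 0xC0) != 0x80) return 0;              /* not a continuation */
    if (n == 3 && s[0] == 0xE0 && s[1] < 0xA0) return 0;  /* overlong */
    if (n == 3 && s[0] == 0xED && s[1] > 0x9F) return 0;  /* surrogate */
    if (n == 4 && s[0] == 0xF0 && s[1] < 0x90) return 0;  /* overlong */
    if (n == 4 && s[0] == 0xF4 && s[1] > 0x8F) return 0;  /* above U+10FFFF */
    return 1;
}

/* Counts characters in buf[0..len); -1 on an invalid or torn sequence. */
long utf8_count_chars(const unsigned char *buf, size_t len)
{
    size_t pos = 0;
    long count = 0;
    while (pos < len)
    {
        size_t n = seq_len(buf[pos]);
        if (n == 0 || n > len - pos)     /* length check BEFORE validation */
            return -1;
        if (!seq_is_legal(buf + pos, n))
            return -1;
        pos += n;
        count++;
    }
    return count;
}

/* Constructed sample: 'a' followed by U+20AC (E2 82 AC). */
const unsigned char sample[] = { 'a', 0xE2, 0x82, 0xAC };

int main(void)
{
    return !(utf8_count_chars(sample, 4) == 2 && utf8_count_chars(sample, 3) == -1);
}
```

The sample is cut so that the bytes just past the stated length are valid continuation bytes: a validator called without the `n > len - pos` test would read them and accept the torn character.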