Re: Potential buffer overrun in spell.c's CheckAffix()
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Andrey Borodin <x4mmm@yandex-team.ru>
Cc: PostgreSQL mailing lists <pgsql-bugs@lists.postgresql.org>
Date: 2026-04-22T14:50:09Z
Lists: pgsql-bugs
Attachments
- v2-0001-Prevent-buffer-overrun-in-spell.c-s-CheckAffix.patch (text/x-diff) patch v2-0001
I wrote: > I suppose we could replace the strcpy with > memcpy(newword, word, len - Affix->replen); > and then we would not need the "len >= 2 * MAXNORMLEN" test > and both paths could share the same check. There's something > to be said for that, though it would be changing the logic to > a greater extent than just "add some safety checks". Concretely, about like this, where I also tried to make the actual byte-copying steps a bit more uniform. regards, tom lane
Commits
-
Prevent some buffer overruns in spell.c's parsing of affix files.
- ea5f0d176a9d 17.10 landed
- d7970e7e951b 19 (unreleased) landed
- 42383d32d78a 16.14 landed
- 21a24d709500 14.23 landed
- 0b196d3db713 15.18 landed
- 00c6e08195d5 18.4 landed
-
Prevent buffer overrun in spell.c's CheckAffix().
- 6cae0c2bd211 14.23 landed
- f852c9093fb0 15.18 landed
- 17f72e037f20 16.14 landed
- a5426dbf8415 17.10 landed
- c2bfeb3bbaa7 18.4 landed
- 844bb90d49f7 19 (unreleased) landed