Re: Potential buffer overrun in spell.c's CheckAffix()
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: pgsql-bugs@lists.postgresql.org
Date: 2026-04-21T22:35:09Z
Lists: pgsql-bugs
Attachments
- v1-0001-Prevent-some-buffer-overruns-in-spell.c-s-parsing.patch (text/x-diff) patch v1-0001
Further to that ... I found another item in the pgsql-security archives concerning a buffer overrun in ispell affix-file parsing, which we had likewise deemed not a security vulnerability because text search configuration files are assumed trustworthy. But if we're going to tighten up CheckAffix() then it's pretty silly not to fix these issues too. regards, tom lane
Commits
-
Prevent some buffer overruns in spell.c's parsing of affix files.
- ea5f0d176a9d 17.10 landed
- d7970e7e951b 19 (unreleased) landed
- 42383d32d78a 16.14 landed
- 21a24d709500 14.23 landed
- 0b196d3db713 15.18 landed
- 00c6e08195d5 18.4 landed
-
Prevent buffer overrun in spell.c's CheckAffix().
- 6cae0c2bd211 14.23 landed
- f852c9093fb0 15.18 landed
- 17f72e037f20 16.14 landed
- a5426dbf8415 17.10 landed
- c2bfeb3bbaa7 18.4 landed
- 844bb90d49f7 19 (unreleased) landed