diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2021-09-11 15:19:31 -0400 | 
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2021-09-11 15:19:54 -0400 | 
| commit | 3adde7eb6633bea734c4513ebd96adca78b7737c (patch) | |
| tree | bc6be54d8bd3afed704ba9d1a88543309c3a7e84 /contrib/ltree_plpython/ltree_plpythonu.control | |
| parent | ba408fc960b6be83c8ac0d74f64c02116cd8bd4c (diff) | |
Make pg_regexec() robust against out-of-range search_start.
If search_start is greater than the length of the string, we should just
return REG_NOMATCH immediately.  (Note that the equality case should
*not* be rejected, since the pattern might be able to match zero
characters.)  This guards various internal assumptions that the min of a
range of string positions is not more than the max.  Violation of those
assumptions could allow an attempt to fetch string[search_start-1],
possibly causing a crash.
Jaime Casanova pointed out that this situation is reachable with the
new regexp_xxx functions that accept a user-specified start position.
I don't believe it's reachable via any in-core call site in v14 and
below.  However, extensions could possibly call pg_regexec with an
out-of-range search_start, so let's back-patch the fix anyway.
Discussion: https://postgr.es/m/20210911180357.GA6870@ahch-to
Diffstat (limited to 'contrib/ltree_plpython/ltree_plpythonu.control')
0 files changed, 0 insertions, 0 deletions
