Re: Bug in UTF8-Validation Code?

Jeff Davis <pgsql@j-davis.com> wrote:

> Some people think it's a bug, some people don't. It is technically
> documented behavior, but I don't think the documentation is clear
> enough. I think it is a bug that should be fixed, and here's another
> message in the thread that expresses my opinion:

Agreed. I think it is a bug, too.
Insertion of invalid characters makes read queries busted.

$ initdb --encoding=utf8
# CREATE TABLE test (t text);
# INSERT INTO test VALUES('A');
# SELECT * FROM test;t
---A
(1 row)

# INSERT INTO test VALUES(E'\200');
# SELECT * FROM test;
ERROR:  invalid byte sequence for encoding "UTF8": 0x80
HINT:  This error can also happen if the byte sequence does not match the
encoding expected by the server, which is cont rolled by "client_encoding".


Could it lead to DoS?
http://www.postgresql.org/support/security
| [D] A vulnerability that is exploitable for denial-of-service,
| but requiring a valid prior login. 

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center