Re: prevent invalidly encoded input
| От | Tom Lane |
|---|---|
| Тема | Re: prevent invalidly encoded input |
| Дата | |
| Msg-id | 8523.1189566316@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: prevent invalidly encoded input (Andrew Dunstan <andrew@dunslane.net>) |
| Ответы |
Re: prevent invalidly encoded input
|
| Список | pgsql-patches |
Andrew Dunstan <andrew@dunslane.net> writes:
> Tom Lane wrote:
>> Also, I'd kinda like to have the check-for-high-bit optimization in
>> scan.l too --- some people do throw big literals at the thing.
>>
> OK, will do. Am I correct in thinking I don't need to worry about the
> <xeescape> case, only the <xeoctesc> and <xehexesc> cases?
[ squint ... ] Hm, wouldn't bet on it. That leads to
unescape_single_char(), which is fine for the cases that it explicitly
knows about (\b and so on), but what if the following byte has the
high bit set? Not only would that pass through a high bit to the
output, but very possibly this results in disassembling a multibyte
input character.
So it looks like you need to recheck if unescape_single_char sees a
high-bit-set char.
You should take a second look at the COPY code to see if there's a
similar case there --- I forget what it does with backslash followed
by non-digit.
regards, tom lane
В списке pgsql-patches по дате отправления: