Re: BUG #2895: Private Use Unicode character crashes server when using ILIKE
From | Tom Lane |
---|---|
Subject | Re: BUG #2895: Private Use Unicode character crashes server when using ILIKE |
Date | |
Msg-id | 9448.1169609759@sss.pgh.pa.us |
In response to | Re: BUG #2895: Private Use Unicode character crashes server when using ILIKE (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: BUG #2895: Private Use Unicode character crashes server when using ILIKE |
List | pgsql-bugs |
I wrote:
> I'm surprised we've not seen reports of other problems. The lack of
> crash in 8.2 is because iwchareq went away completely, but that's
> certainly not the only place doing conversions to pg_wchar and expecting
> the result to fit in a prespecified buffer ...

Actually, it looks like all the other places that use mb2wchar allocate a buffer with more pg_wchar's than there are bytes in the input, and so overrun is impossible even with the breakage in pg_utf2wchar_with_len. The only exception I see in CVS HEAD is sqlchar_to_unicode() in xml.c, which is new code as of 8.3devel anyway.

So we don't appear to have a serious security issue as I first feared --- the worst that can happen is a crash like this when iwchareq's return address is overwritten with a zero, and even that is only in pre-8.2. Nonetheless, the code is certainly giving wrong answers for 4-byte characters. Will go fix...

regards,
tom lane
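The buffer-sizing argument in the message above, as an added example (not part of the original message and not PostgreSQL source): each decoded character consumes at least one input byte, so an output buffer with one more element than the input has bytes cannot be overrun, and a 4-byte sequence is decoded to one code point. The names `utf8_to_wide` and `decode_sample_last` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not PostgreSQL's pg_utf2wchar_with_len): decode at most
 * len bytes of UTF-8 from `in` into 32-bit code points in `out`, which must
 * have room for len + 1 elements. Continuation bytes are not validated.
 * Returns the number of code points written, excluding the terminating 0. */
size_t utf8_to_wide(const unsigned char *in, size_t len, uint32_t *out)
{
    size_t n = 0;

    while (len > 0 && *in != 0) {
        size_t need;            /* bytes in this sequence */
        uint32_t cp;

        if (*in < 0x80)                { need = 1; cp = *in; }
        else if ((*in & 0xE0) == 0xC0) { need = 2; cp = *in & 0x1F; }
        else if ((*in & 0xF0) == 0xE0) { need = 3; cp = *in & 0x0F; }
        else if ((*in & 0xF8) == 0xF0) { need = 4; cp = *in & 0x07; }
        else                           { need = 1; cp = *in; } /* stray byte */

        if (need > len)         /* truncated sequence at end of input: stop */
            break;
        for (size_t i = 1; i < need; i++)
            cp = (cp << 6) | (in[i] & 0x3F);

        out[n++] = cp;          /* one output element per >= 1 input byte */
        in += need;
        len -= need;
    }
    out[n] = 0;                 /* terminator fits because n <= original len */
    return n;
}

/* Constructed sample: 'a', U+00E9 (2 bytes), U+20AC (3 bytes),
 * U+F0000 (4 bytes, Supplementary Private Use Area-A). */
static const unsigned char sample[] = "a\xC3\xA9\xE2\x82\xAC\xF3\xB0\x80\x80";

/* Decode the sample into a buffer sized from the byte count and return
 * the last code point, so a caller can check the 4-byte case. */
uint32_t decode_sample_last(size_t *count)
{
    uint32_t buf[sizeof(sample)];   /* sizeof includes the NUL: len + 1 slots */
    *count = utf8_to_wide(sample, sizeof(sample) - 1, buf);
    return *count ? buf[*count - 1] : 0;
}
```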