Обсуждение: pgsql: Fix out-of-bounds read in json_lex_string

Fix out-of-bounds read in json_lex_string

Commit 3838fa269 added a lookahead loop to allow building strings multiple
bytes at a time. This loop could exit because it reached the end of input,
yet did not check for that before checking if we reached the end of a
valid string. To fix, put the end of string check back in the outer loop.

Per Valgrind animal skink

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/d3117fc1a3e87717a57be0153408e5387e265e1b

Modified Files
--------------
src/common/jsonapi.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)

On Tue, Jul 12, 2022 at 11:27 AM John Naylor <john.naylor@postgresql.org> wrote:
>
> Fix out-of-bounds read in json_lex_string

The failure on peripatus (FreeBSD HEAD) seems completely unrelated to
the changes in the commit:

ld: error: unable to find library -lldap_r
clang: error: linker command failed with exit code 1 (use -v to see invocation)
gmake[3]: *** [../../../src/Makefile.shlib:258: libpq.so.5] Error 1


-- 
John Naylor
EDB: http://www.enterprisedb.com

John Naylor <john.naylor@enterprisedb.com> writes:
> On Tue, Jul 12, 2022 at 11:27 AM John Naylor <john.naylor@postgresql.org> wrote:
>> Fix out-of-bounds read in json_lex_string

> The failure on peripatus (FreeBSD HEAD) seems completely unrelated to
> the changes in the commit:
> ld: error: unable to find library -lldap_r

Agreed, that looks like some unrelated platform change.  Larry?

            regards, tom lane

I wrote:
> John Naylor <john.naylor@enterprisedb.com> writes:
>> ld: error: unable to find library -lldap_r

> Agreed, that looks like some unrelated platform change.  Larry?

Upon further thought, this looks like fallout from an upgrade to
OpenLDAP 2.5, which eliminated libldap_r.  That should be fine,
but you might need to blow away the animal's accache files to
make configure reconsider the situation.

            regards, tom lane

On 07/12/2022 1:07 am, Tom Lane wrote:
> I wrote:
>> John Naylor <john.naylor@enterprisedb.com> writes:
>>> ld: error: unable to find library -lldap_r
> 
>> Agreed, that looks like some unrelated platform change.  Larry?
> 
> Upon further thought, this looks like fallout from an upgrade to
> OpenLDAP 2.5, which eliminated libldap_r.  That should be fine,
> but you might need to blow away the animal's accache files to
> make configure reconsider the situation.
> 
>             regards, tom lane

I've killed the accache and ccache files, and it's flipped back to OK.
Yes, ports deprecated/removed openldap24 and replaced it with 
openldap26, and the host got
updated last night.
Sorry for the grief :)

-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: ler@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106