Hi Kirill
On 20/03/2026 18:33, Kirill Reshke wrote:
> We discussed this patch off-list with Andrey @x4mmm in light of
> CVE-2026-2006. Looks like this patch is not vulnerable, and its use of
> pg_mbcliplen is correct.
Thanks for checking!
I spent some time revisiting this patch today and realised that it only
applied truncation in exec_simple_query. I believe the original intent
of this feature was to cover other paths as well, so I added the same
logic in exec_execute_message (which handles log_statement logging for
the extended query protocol), and in exec_parse_message and
exec_bind_message (which log statement text when
log_min_duration_statement fires).
v9 attached.
Thoughts on this approach?
Best, Jim