> The security team has discussed 2197d06224a1 after a report from
> Coverity regarding the effects that issues like [1] would create in
> the backend, and concluded that this patch should be reverted because
> this could cause the backend to waste plenty of CPU and/or memory
> even if the application applied checks on the size of the data given
> in input, and libxml2 does not offer guarantees that input limits are
> respected under XML_PARSE_HUGE.
Thanks for the info!
I agree that reverting a patch is a good idea if there are concerns
about server resources (XML is used by few users and there are even
fewer users who need to parse elements larger than 10Mb).
For such users it is better to create a custom PostgreSQL build.
--
With best regards,
Dmitry Koval
Postgres Professional: http://postgrespro.com