On Thu, Mar 19, 2026 at 7:36 AM Dagfinn Ilmari Mannsåker
<ilmari@ilmari.org> wrote:
>
> Masahiko Sawada <sawada.mshk@gmail.com> writes:
>
> > I've made some minor changes to both patches (e.g., rewording the
> > documentation changes and commit messages etc), and attached the
> > updated patches.
> >
> > I'm going to push these patches unless there is no further comment.
>
> Just one minor nitpick on my patch, which is that it should use
> palloc_object(), which I wasn't aware of when I wrote it originally.
>
> > diff --git a/src/backend/utils/adt/bytea.c b/src/backend/utils/adt/bytea.c
> > index fd7662d41ee..4dc83671aa5 100644
> > --- a/src/backend/utils/adt/bytea.c
> > +++ b/src/backend/utils/adt/bytea.c
> [...]
> > + if (len != UUID_LEN)
> > + ereport(ERROR,
> > + (errcode(ERRCODE_INVALID_BINARY_REPRESENTATION),
> > + errmsg("invalid input length for type %s", "uuid"),
> > + errdetail("Expected %d bytes, got %d.", UUID_LEN, len)));
> > +
> > + uuid = (pg_uuid_t *) palloc(sizeof(pg_uuid_t));
>
> this should be:
>
> + uuid = palloc_object(pg_uuid_t);
>
> > + memcpy(uuid->data, VARDATA_ANY(v), UUID_LEN);
> > + PG_RETURN_UUID_P(uuid);
> > +}
> > +
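
Review bot: in the errdetail() line, len is formatted with %d, but its declaration sits in the elided [...] part of the hunk. If it is assigned from a size macro such as VARSIZE_ANY_EXHDR(v), declare it as int or cast it at the call so the argument type matches the format.
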
Good catch. I've pushed the 0001 patch after incorporating this change.

For the 0002 patch, I haven't pushed it yet as I've found a bug in the
decoding code during the self-review:

+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("invalid symbol \"%.*s\" found while
decoding base32hex sequence",
+ pg_mblen((const char *) &c), (const char *) &c)));
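
Review bot: on the last line, %.*s takes both its length and its pointer from &c, so any length above one makes the format read past the single byte that c holds. Report the symbol through a pointer into the source buffer, with the length bounded by the input that remains, or print only the one offending byte.
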
We should not use pg_mblen() anymore (cf. CVE-2026-2006). And since
'c' is just a single byte on the stack, it leads to a buffer over-read
if the invalid character is a multi-byte character.

Also, a small nitpick is that we can use uint32 instead of uint64 for
'bits_buffer'. I've attached the updated patch as well as the
difference from the previous version.

Regards,

--
Masahiko Sawada
Amazon Web Services: https://aws.amazon.com
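
The over-read described in the message above, avoided in a standalone decoder: an added example, not code from the patch or from PostgreSQL. The invalid symbol is returned as a pointer and length into the input itself, with the length clamped to the bytes that remain. The names b32hex_decode, b32hex_val and bounded_utf8_len, UTF-8 input, and the uppercase-only alphabet are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* UTF-8 sequence length at p, clamped to the bytes left before end. */
static int bounded_utf8_len(const unsigned char *p, const unsigned char *end)
{
    int len = 1;
    if ((*p & 0xE0) == 0xC0) len = 2;
    else if ((*p & 0xF0) == 0xE0) len = 3;
    else if ((*p & 0xF8) == 0xF0) len = 4;
    return (len > end - p) ? (int) (end - p) : len;
}

/* RFC 4648 base32hex digit value; uppercase only (example assumption). */
static int b32hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'V') return c - 'A' + 10;
    return -1;
}

/* Returns bytes written to dst, or -1 with *bad/*badlen naming the invalid
 * symbol inside src itself, so a "%.*s" report stays within the input. */
static int b32hex_decode(const char *src, size_t srclen, unsigned char *dst,
                         const char **bad, int *badlen)
{
    const unsigned char *p = (const unsigned char *) src, *end = p + srclen;
    uint32_t bits = 0;   /* holds at most 12 bits, so 32 bits suffice */
    int nbits = 0, out = 0;

    for (; p < end && *p != '='; p++)   /* '=' padding ends the data */
    {
        int v = b32hex_val(*p);

        if (v < 0)
        {
            *bad = (const char *) p;
            *badlen = bounded_utf8_len(p, end);
            return -1;
        }
        bits = (bits << 5) | (uint32_t) v;
        if ((nbits += 5) >= 8)
        {
            nbits -= 8;
            dst[out++] = (unsigned char) (bits >> nbits);
            bits &= (1u << nbits) - 1;
        }
    }
    return out;
}
```

A caller can then format the error with "%.*s", passing badlen and bad, without copying the byte to a local variable first.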