Home > mailing lists

pgsql: Fix incremental JSON parser numeric token reassembly across chun - Mailing list pgsql-committers

From	Andrew Dunstan
Subject	pgsql: Fix incremental JSON parser numeric token reassembly across chun
Date	April 10 17:21:48
Msg-id	E1wBCk0-000JOZ-0i@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Fix incremental JSON parser numeric token reassembly across chunks.

When the incremental JSON parser splits a numeric token across chunk
boundaries, it accumulates continuation characters into the partial
token buffer.  The accumulator's switch statement unconditionally
accepted '+', '-', '.', 'e', and 'E' as valid numeric continuations
regardless of position, which violated JSON number grammar
(-? int [frac] [exp]).  For example, input "4-" fed in single-byte
chunks would accumulate the '-' into the numeric token, producing an
invalid token that later triggered an assertion failure during
re-lexing.

Fix by tracking parser state (seen_dot, seen_exp, prev character)
across the existing partial token and incoming bytes, so that each
character class is accepted only in its grammatically valid position.

Backpatch-through: 17

Branch
------
REL_18_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/3e4955630292a7eb38f5fb3c6c5685623088ffd1

Modified Files
--------------
src/common/jsonapi.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 55 insertions(+), 6 deletions(-)

pgsql-committers by date:

From: Fujii Masao
Date: 10 April, 17:00:35
Subject: pgsql: Adjust log level of logical decoding messages by context

From: Andrew Dunstan
Date: 10 April, 17:39:44
Subject: pgsql: Fix heap-buffer-overflow in pglz_decompress() on corrupt input.

pgsql: Fix incremental JSON parser numeric token reassembly across chun - Mailing list pgsql-committers

Previous

Next