From 9d9a13917f53de690d70dcfb62adb1f0c5acad2a Mon Sep 17 00:00:00 2001 From: Andreas Karlsson Date: Wed, 1 Apr 2026 02:39:09 +0200 Subject: [PATCH v1] Fix overrun when comparing with unterminated ICU language string When uloc_getLanguage() returns an unterminated string when the language is too long to fit in our buffer, in this case 3 bytes. This could cause a later strcmp() to read outside the buffer. Since this is not a performance cirtical code path just increase the buffer size to ULOC_LANG_CAPACITY to match the code on fix_icu_locale_str() instead of trying to do something clever. --- src/backend/utils/adt/pg_locale_icu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend/utils/adt/pg_locale_icu.c b/src/backend/utils/adt/pg_locale_icu.c index 5ad05fcd016..96d66dd4f8a 100644 --- a/src/backend/utils/adt/pg_locale_icu.c +++ b/src/backend/utils/adt/pg_locale_icu.c @@ -989,10 +989,10 @@ static int32_t foldcase_options(const char *locale) { uint32 options = U_FOLD_CASE_DEFAULT; - char lang[3]; + char lang[ULOC_LANG_CAPACITY]; UErrorCode status = U_ZERO_ERROR; - uloc_getLanguage(locale, lang, 3, &status); + uloc_getLanguage(locale, lang, ULOC_LANG_CAPACITY, &status); if (U_SUCCESS(status)) { /* -- 2.47.3