Life with Open Source

commit   : bf7d19be9b18f6f78bd95052a2704259021e6806    
  
author   : Noah Misch <noah@leadboat.com>    
date     : Sat, 16 May 2026 18:01:35 -0700    
  
committer: Noah Misch <noah@leadboat.com>    
date     : Sat, 16 May 2026 18:01:35 -0700    

Three locations use Assert() to guard against a mismatch between the  
number of columns advertised in the RELATION message and the number  
actually received in the subsequent INSERT/UPDATE tuple message. Since  
these values originate from the publisher, the check must survive into  
production builds.  
  
A malicious or buggy publisher can send a RELATION claiming N columns  
and an INSERT claiming M < N columns. The subscriber's apply worker  
indexes into colvalues[]/colstatus[] using column indices from the  
RELATION message's attribute map, causing a heap out-of-bounds read when  
the tuple's column array is smaller than expected. We've looked, without  
success, for a scenario in which the publisher holds sufficient control  
over these out-of-bounds bytes to exploit this or even to reach a  
SIGSEGV. Despite not finding one, the code has been fragile. Back-patch  
to v14 (all supported versions).  
  
Reported-by: Varik Matevosyan <varikmatevosyan@gmail.com>  
Author: Varik Matevosyan <varikmatevosyan@gmail.com>  
Discussion: https://postgr.es/m/CA+bBoog3cCogktzfLb9bppUByu-10B3CFp8u=iKXG_OvtAguCw@mail.gmail.com  
Backpatch-through: 14  

commit   : 4e1a23c0ea0be0214c6806baa212886cee8f14a6    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:51:39 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:51:39 -0400    

commit   : 93741c9db09709ebe05d5f59ee7852c3ad4981a9    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    

commit   : 005c1971a2926fbb9caf5a1ad634cd17a42bfd3c    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:49:58 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:49:58 -0400    

commit   : 78f1b471f991307cea4aa0d95f2d957601a1b8cd    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    

commit   : 0d1c00c624fa7367d4a895f44381887757289682    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:48:18 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:48:18 -0400    

commit   : 878e171244f7c1280201a04aa420b78c4a2d08d3    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    

commit   : 25c49f3a4a742ba283f5cc43cc7f1d361552e917    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:46:41 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:46:41 -0400    

commit   : 25d938dbcb19ba172068159c0f22826d7cc681ea    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    

commit   : f5cc81719e6da4cbdb1f797c48b693e91018153a    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:44:35 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 15:44:35 -0400    

commit   : bbd12e8010561dab2c745d2ece0e94d102bef2ea    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 11 May 2026 14:54:40 -0400    

commit   : 966473719c7f8067848dc79b58da0fb17ed136b1    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 23 Feb 2026 17:03:30 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 23 Feb 2026 17:03:30 -0500    

commit   : 7917762558545fbe16c0c9e9b97b83a30c11eaa8    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 23 Feb 2026 14:06:33 +0100    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 23 Feb 2026 14:06:33 +0100    

commit   : 3eb6f61958ac5027a18791a828a0c7a47accf211    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 23 Feb 2026 17:01:47 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 23 Feb 2026 17:01:47 -0500    

commit   : 7063b9e92b25caaa27c8cc4ec37ef85fe9e63cb7    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 23 Feb 2026 14:03:47 +0100    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 23 Feb 2026 14:03:47 +0100    

commit   : 776479eed63aac4185e57adaf7db1ce0810a4d3e    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 23 Feb 2026 17:00:20 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 23 Feb 2026 17:00:20 -0500    

commit   : 96802648aa2fc114f1d8728540494e422059b9ab    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 23 Feb 2026 14:02:22 +0100    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 23 Feb 2026 14:02:22 +0100    

commit   : 6d396980fc5aed4f1a525e0bd75cb16b25ed40ca    
  
author   : Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 23 Feb 2026 16:58:47 -0500    
  
committer: Tom Lane <tgl@sss.pgh.pa.us>    
date     : Mon, 23 Feb 2026 16:58:47 -0500    

commit   : 0546d90442f7226076d474045d3a287e20325fee    
  
author   : Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 23 Feb 2026 13:56:36 +0100    
  
committer: Peter Eisentraut <peter@eisentraut.org>    
date     : Mon, 23 Feb 2026 13:56:36 +0100