Re: invalidly encoded strings

On Tue, 2007-09-11 at 12:29 +0900, Tatsuo Ishii wrote:
> Please show me concrete examples how I could introduce a vulnerability
> using this kind of convert() usage.

Try the sequence below. Then, try to dump and then reload the database.
When you try to reload it, you will get an error:

ERROR:  invalid byte sequence for encoding "UTF8": 0xbd

Regards,Jeff Davis

test=> select version();

version

--------------------------------------------------------------------------------------------------------------------------PostgreSQL
8.3develon x86_64-unknown-linux-gnu, compiled by GCC gcc 
(GCC) 4.1.3 20070601 (prerelease) (Debian 4.1.2-12)
(1 row)

test=> show lc_collate;lc_collate
-------------en_US.UTF-8
(1 row)

test=> create table encoding_test(t text);
CREATE TABLE
test=> insert into encoding_test values('初');
INSERT 0 1
test=> insert into encoding_test values(convert('初' using
utf8_to_euc_jp));
INSERT 0 1