git.postgresql.org Git - postgresql.git/commit

git projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6095069) | patch
Avoid fetching one past the end of translate()'s "to" parameter.
author Tom Lane <tgl@sss.pgh.pa.us>
Wed, 1 Mar 2023 16:30:17 +0000 (11:30 -0500)
committer Tom Lane <tgl@sss.pgh.pa.us>
Wed, 1 Mar 2023 16:30:31 +0000 (11:30 -0500)
commit d7056bc1c71d2d876adb60dda8e0ba962e8279df
tree 65552305c23835b4e7de090cbb3b457f176c7770 tree
parent 6095069b40d7f01d5e7771d23b18d65dc029fc0d commit | diff
Avoid fetching one past the end of translate()'s "to" parameter.

This is usually harmless, but if you were very unlucky it could
provoke a segfault due to the "to" string being right up against
the end of memory. Found via valgrind testing (so we might've
found it earlier, except that our regression tests lacked any
exercise of translate()'s deletion feature).

Fix by switching the order of the test-for-end-of-string and
advance-pointer steps. While here, compute "to_ptr + tolen"
just once. (Smarter compilers might figure that out for
themselves, but let's just make sure.)

Report and fix by Daniil Anisimov, in bug #17816.

Discussion: https://postgr.es/m/17816-70f3d2764e88a108@postgresql.org
src/backend/utils/adt/oracle_compat.c diff | blob | blame | history
src/test/regress/expected/strings.out diff | blob | blame | history
src/test/regress/sql/strings.sql diff | blob | blame | history
This is the main PostgreSQL git repository.
RSS Atom

AltStyle によって変換されたページ (->オリジナル) /