git.postgresql.org Git - postgresql.git/commitdiff

(parent: 93513d1)
Fix off-by-one in memory allocation for quote_literal_cstr().
16 Dec 2016 10:50:20 +0000 (12:50 +0200)
16 Dec 2016 10:53:04 +0000 (12:53 +0200)
The calculation didn't take into account the NULL terminator. That led
to overwriting the palloc'd buffer by one byte, if the input consists
entirely of backslashes. For example "format('%L', E'\\')".

Fixes bug #14468. Backpatch to all supported versions.

Report: https://www.postgresql.org/message-id/20161216105001.13334.42819%40wrigleys.postgresql.org
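
The size arithmetic from the commit message, worked through as an added example (not code from the PostgreSQL tree). quote_sketch, bytes_needed, old_size and new_size are hypothetical names; quote_sketch is a stand-in that assumes the quoting rules of quote_literal: an E prefix when a backslash is present, surrounding quotes, and every quote or backslash doubled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in written for this example (assumption, not the project's code):
 * E prefix if any backslash is present, surrounding quotes, and every
 * quote or backslash doubled. Returns bytes written, without terminator. */
static size_t quote_sketch(char *dst, const char *src, size_t len)
{
    char *start = dst;
    if (memchr(src, '\\', len) != NULL)
        *dst++ = 'E';
    *dst++ = '\'';
    for (size_t i = 0; i < len; i++) {
        if (src[i] == '\'' || src[i] == '\\')
            *dst++ = src[i];            /* double the special character */
        *dst++ = src[i];
    }
    *dst++ = '\'';
    return (size_t)(dst - start);
}

/* Allocation sizes before and after the fix, as in the hunk below. */
size_t old_size(const char *raw) { return strlen(raw) * 2 + 3; }
size_t new_size(const char *raw) { return strlen(raw) * 2 + 3 + 1; }

/* Bytes the quoted form of raw really needs, terminator included. */
size_t bytes_needed(const char *raw)
{
    size_t len = strlen(raw);
    char *buf = malloc(new_size(raw));  /* fixed size, so the write is safe */
    if (buf == NULL)
        return 0;
    size_t newlen = quote_sketch(buf, raw, len);
    buf[newlen] = '\0';
    free(buf);
    return newlen + 1;
}

int main(void)
{
    /* Constructed inputs: one backslash, three backslashes, a quote, plain text. */
    const char *samples[] = { "\\", "\\\\\\", "it's", "abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=%zu needed=%zu old=%zu new=%zu\n", strlen(samples[i]),
               bytes_needed(samples[i]), old_size(samples[i]), new_size(samples[i]));
    return 0;
}
```

Only the all-backslash inputs need more than the old size, and by exactly one byte; the other inputs leave slack, which is why the shortfall went unnoticed.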


diff --git a/src/backend/utils/adt/quote.c b/src/backend/utils/adt/quote.c
index 9bdde8bf8168352727a27dc7e2e35d1ca0e2eb14..a53afc13426f52328bde9644fe04d646af3852e6 100644 (file)
--- a/src/backend/utils/adt/quote.c
+++ b/src/backend/utils/adt/quote.c
@@ -107,7 +107,7 @@ quote_literal_cstr(const char *rawstr)
len = strlen(rawstr);
/* We make a worst-case result area; wasting a little space is OK */
- result = palloc(len * 2 + 3);
+ result = palloc(len * 2 + 3 + 1);
newlen = quote_literal_internal(result, rawstr, len);
result[newlen] = '0円';
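Review bot: The bare "+ 1" on the palloc() line leaves the size as an unexplained "len * 2 + 3 + 1", and the comment above it still says only that "wasting a little space is OK", which reads as if there were slack when, per the commit message, the old size left no room for the terminator written at result[newlen]. Suggest extending that comment to say what the 3 and the 1 each cover, so the bound can be checked without reading quote_literal_internal(). The diff touches only quote.c; a regression test that runs the commit message's own case, format('%L', E'\\'), would keep the sizing from regressing.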
This is the main PostgreSQL git repository.