mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix off-by-one in memory allocation for quote_literal_cstr().

Browse Source 
The calculation didn't take into account the NULL terminator. That lead
to overwriting the palloc'd buffer by one byte, if the input consists
entirely of backslashes. For example "format('%L', E'\\')".

Fixes bug #14468. Backpatch to all supported versions.

Report: https://www.postgresql.org/message-id/20161216105001.13334.42819%40wrigleys.postgresql.org
This commit is contained in:
Heikki Linnakangas 2016-12-16 12:50:20 +02:00
parent 93513d1b65
commit 4f5182e18d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/backend/utils/adt/quote.c
View File

@ -107,7 +107,7 @@ quote_literal_cstr(const char *rawstr)
len = strlen(rawstr); len = strlen(rawstr);
/* We make a worst-case result area; wasting a little space is OK */ /* We make a worst-case result area; wasting a little space is OK */
result = palloc(len * 2 + 3); result = palloc(len * 2 + 3 + 1);
newlen = quote_literal_internal(result, rawstr, len); newlen = quote_literal_internal(result, rawstr, len);
result[newlen] = '\0'; result[newlen] = '\0';