mirror of
https://github.com/postgres/postgres.git
synced 2025-07-02 09:02:37 +03:00
Modify wchar conversion routines to not fetch the next byte past the end
of a counted input string. Marinos Yannikos' recent crash report turns out to be due to applying pg_ascii2wchar_with_len to a TEXT object that is smack up against the end of memory. This is the second just-barely- reproducible bug report I have seen that traces to some bit of code fetching one more byte than it is allowed to. Let's be more careful out there, boys and girls. While at it, I changed the code to not risk a similar crash when there is a truncated multibyte character at the end of an input string. The output in this case might not be the most reasonable output possible; if anyone wants to improve it further, step right up...
This commit is contained in:
@ -3,7 +3,7 @@
|
||||
* client encoding and server internal encoding.
|
||||
* (currently mule internal code (mic) is used)
|
||||
* Tatsuo Ishii
|
||||
* $Id: mbutils.c,v 1.15 2001/02/10 02:31:27 tgl Exp $
|
||||
* $Id: mbutils.c,v 1.16 2001/03/08 00:24:34 tgl Exp $
|
||||
*/
|
||||
#include "postgres.h"
|
||||
|
||||
@ -230,7 +230,7 @@ pg_mbstrlen_with_len(const unsigned char *mbstr, int limit)
|
||||
int len = 0;
|
||||
int l;
|
||||
|
||||
while (*mbstr && limit > 0)
|
||||
while (limit > 0 && *mbstr)
|
||||
{
|
||||
l = pg_mblen(mbstr);
|
||||
limit -= l;
|
||||
@ -252,7 +252,7 @@ pg_mbcliplen(const unsigned char *mbstr, int len, int limit)
|
||||
int clen = 0;
|
||||
int l;
|
||||
|
||||
while (*mbstr && len > 0)
|
||||
while (len > 0 && *mbstr)
|
||||
{
|
||||
l = pg_mblen(mbstr);
|
||||
if ((clen + l) > limit)
|
||||
@ -267,7 +267,7 @@ pg_mbcliplen(const unsigned char *mbstr, int len, int limit)
|
||||
}
|
||||
|
||||
/*
|
||||
* fuctions for utils/init
|
||||
* functions for utils/init
|
||||
*/
|
||||
static int DatabaseEncoding = MULTIBYTE;
|
||||
|
||||
|
Reference in New Issue
Block a user