mirror of
https://github.com/postgres/postgres.git
synced 2025-11-12 05:01:15 +03:00
Fix misuse of StrNCpy to copy and add null to non-null-terminated data.
Does not work since it fetches one byte beyond the source data, and when the phase of the moon is wrong, the source data is smack up against the end of backend memory and you get SIGSEGV. Don't laugh, this is a fix for an actual user bug report.
This commit is contained in:
Tom Lane
@@ -11,7 +11,7 @@
|
||||
* Portions Copyright (c) 1994, Regents of the University of California
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/like.c,v 1.36 2000/07/06 05:48:11 tgl Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/like.c,v 1.37 2000/07/07 21:12:50 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -48,7 +48,8 @@ fixedlen_like(char *s, text *p, int charlen)
|
||||
(void) pg_mb2wchar_with_len((unsigned char *) s, sterm, charlen);
|
||||
#else
|
||||
sterm = (char *) palloc(charlen + 1);
|
||||
StrNCpy(sterm, s, charlen + 1);
|
||||
memcpy(sterm, s, charlen);
|
||||
sterm[charlen] = '\0';
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/Attic/not_in.c,v 1.23 2000/06/09 01:11:09 tgl Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/Attic/not_in.c,v 1.24 2000/07/07 21:12:50 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -52,10 +52,12 @@ int4notin(PG_FUNCTION_ARGS)
|
||||
char my_copy[NAMEDATALEN * 2 + 2];
|
||||
Datum value;
|
||||
|
||||
strlength = VARSIZE(relation_and_attr) - VARHDRSZ + 1;
|
||||
if (strlength > sizeof(my_copy))
|
||||
strlength = sizeof(my_copy);
|
||||
StrNCpy(my_copy, VARDATA(relation_and_attr), strlength);
|
||||
/* make a null-terminated copy of text */
|
||||
strlength = VARSIZE(relation_and_attr) - VARHDRSZ;
|
||||
if (strlength >= sizeof(my_copy))
|
||||
strlength = sizeof(my_copy)-1;
|
||||
memcpy(my_copy, VARDATA(relation_and_attr), strlength);
|
||||
my_copy[strlength] = '\0';
|
||||
|
||||
relation = (char *) strtok(my_copy, ".");
|
||||
attribute = (char *) strtok(NULL, ".");
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/regexp.c,v 1.32 2000/07/06 05:48:11 tgl Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/regexp.c,v 1.33 2000/07/07 21:12:50 tgl Exp $
|
||||
*
|
||||
* Alistair Crooks added the code for the regex caching
|
||||
* agc - cached the regular expressions used - there's a good chance
|
||||
@@ -164,7 +164,8 @@ fixedlen_regexeq(char *s, text *p, int charlen, int cflags)
|
||||
|
||||
/* be sure sterm is null-terminated */
|
||||
sterm = (char *) palloc(charlen + 1);
|
||||
StrNCpy(sterm, s, charlen + 1);
|
||||
memcpy(sterm, s, charlen);
|
||||
sterm[charlen] = '\0';
|
||||
|
||||
result = RE_compile_and_execute(p, sterm, cflags);
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/varchar.c,v 1.67 2000/07/03 23:09:53 wieck Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/utils/adt/varchar.c,v 1.68 2000/07/07 21:12:50 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -115,9 +115,11 @@ bpcharout(PG_FUNCTION_ARGS)
|
||||
char *result;
|
||||
int len;
|
||||
|
||||
/* copy and add null term */
|
||||
len = VARSIZE(s) - VARHDRSZ;
|
||||
result = (char *) palloc(len + 1);
|
||||
StrNCpy(result, VARDATA(s), len + 1); /* copy and add null term */
|
||||
memcpy(result, VARDATA(s), len);
|
||||
result[len] = '\0';
|
||||
|
||||
#ifdef CYR_RECODE
|
||||
convertstr(result, len, 1);
|
||||
@@ -268,8 +270,8 @@ bpchar_name(char *s)
|
||||
return NULL;
|
||||
|
||||
len = VARSIZE(s) - VARHDRSZ;
|
||||
if (len > NAMEDATALEN)
|
||||
len = NAMEDATALEN;
|
||||
if (len >= NAMEDATALEN)
|
||||
len = NAMEDATALEN-1;
|
||||
|
||||
while (len > 0)
|
||||
{
|
||||
@@ -284,7 +286,7 @@ bpchar_name(char *s)
|
||||
#endif
|
||||
|
||||
result = (NameData *) palloc(NAMEDATALEN);
|
||||
StrNCpy(NameStr(*result), VARDATA(s), NAMEDATALEN);
|
||||
memcpy(NameStr(*result), VARDATA(s), len);
|
||||
|
||||
/* now null pad to full length... */
|
||||
while (len < NAMEDATALEN)
|
||||
@@ -316,7 +318,7 @@ name_bpchar(NameData *s)
|
||||
#endif
|
||||
|
||||
result = (char *) palloc(VARHDRSZ + len);
|
||||
strncpy(VARDATA(result), NameStr(*s), len);
|
||||
memcpy(VARDATA(result), NameStr(*s), len);
|
||||
VARATT_SIZEP(result) = len + VARHDRSZ;
|
||||
|
||||
return result;
|
||||
@@ -365,9 +367,11 @@ varcharout(PG_FUNCTION_ARGS)
|
||||
char *result;
|
||||
int len;
|
||||
|
||||
/* copy and add null term */
|
||||
len = VARSIZE(s) - VARHDRSZ;
|
||||
result = (char *) palloc(len + 1);
|
||||
StrNCpy(result, VARDATA(s), len + 1); /* copy and add null term */
|
||||
memcpy(result, VARDATA(s), len);
|
||||
result[len] = '\0';
|
||||
|
||||
#ifdef CYR_RECODE
|
||||
convertstr(result, len, 1);
|
||||
|
||||
Reference in New Issue
Block a user