database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-21 16:02:15 +03:00
Code Activity

Fix misuse of StrNCpy to copy and add null to non-null-terminated data.

Browse Source 
Does not work since it fetches one byte beyond the source data, and when
the phase of the moon is wrong, the source data is smack up against the
end of backend memory and you get SIGSEGV.  Don't laugh, this is a fix
for an actual user bug report.
This commit is contained in:
Tom Lane
2000-07-07 21:12:53 +00:00
parent de85dd1d51
commit 65da0d66b4
9 changed files with 56 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/backend/utils/adt/varchar.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/adt/varchar.c,v 1.67 2000/07/03 23:09:53 wieck Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/adt/varchar.c,v 1.68 2000/07/07 21:12:50 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@ -115,9 +115,11 @@ bpcharout(PG_FUNCTION_ARGS)
char *result;
int len;
/* copy and add null term */
len = VARSIZE(s) - VARHDRSZ;
result = (char *) palloc(len + 1);
StrNCpy(result, VARDATA(s), len + 1); /* copy and add null term */
memcpy(result, VARDATA(s), len);
result[len] = '\0';
#ifdef CYR_RECODE
convertstr(result, len, 1);
@ -268,8 +270,8 @@ bpchar_name(char *s)
return NULL;
len = VARSIZE(s) - VARHDRSZ;
if (len > NAMEDATALEN)
len = NAMEDATALEN;
if (len >= NAMEDATALEN)
len = NAMEDATALEN-1;
while (len > 0)
{
@ -284,7 +286,7 @@ bpchar_name(char *s)
#endif
result = (NameData *) palloc(NAMEDATALEN);
StrNCpy(NameStr(*result), VARDATA(s), NAMEDATALEN);
memcpy(NameStr(*result), VARDATA(s), len);
/* now null pad to full length... */
while (len < NAMEDATALEN)
@ -316,7 +318,7 @@ name_bpchar(NameData *s)
#endif
result = (char *) palloc(VARHDRSZ + len);
strncpy(VARDATA(result), NameStr(*s), len);
memcpy(VARDATA(result), NameStr(*s), len);
VARATT_SIZEP(result) = len + VARHDRSZ;
return result;
@ -365,9 +367,11 @@ varcharout(PG_FUNCTION_ARGS)
char *result;
int len;
/* copy and add null term */
len = VARSIZE(s) - VARHDRSZ;
result = (char *) palloc(len + 1);
StrNCpy(result, VARDATA(s), len + 1); /* copy and add null term */
memcpy(result, VARDATA(s), len);
result[len] = '\0';
#ifdef CYR_RECODE
convertstr(result, len, 1);