From 9711fa06081da230e62fa52147c49ccf7b9ccbe2 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 26 Oct 2014 19:17:55 -0400 Subject: [PATCH] Fix undersized result buffer in pset_quoted_string(). The malloc request was 1 byte too small for the worst-case output. This seems relatively unlikely to cause any problems in practice, as the worst case only occurs if the input string contains no characters other than single-quote or newline, and even then malloc alignment padding would probably save the day. But it's definitely a bug. David Rowley --- src/bin/psql/command.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c index cb94ce34bbd..260893523a5 100644 --- a/src/bin/psql/command.c +++ b/src/bin/psql/command.c @@ -2711,7 +2711,7 @@ pset_bool_string(bool val) static char * pset_quoted_string(const char *str) { - char *ret = pg_malloc(strlen(str) * 2 + 2); + char *ret = pg_malloc(strlen(str) * 2 + 3); char *r = ret; *r++ = '\'';
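Review bot: The corrected allocation in pset_quoted_string(), `pg_malloc(strlen(str) * 2 + 3)`, still has no comment saying what the constant covers, so the next reader cannot check the bound without re-deriving it from the copy loop, which is outside this hunk. The commit message states the worst case (input made up only of single-quote or newline characters), which the `* 2` term accounts for. Please add a one-line comment above the pg_malloc call that itemizes the three extra bytes. Presumably they are the opening quote written by `*r++ = '\'';`, a closing quote and the terminating NUL, but only the first of these is visible here.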