From c556447c70c937e5910fbbbc9653adc22c42a5ee Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Thu, 19 Jul 2007 20:34:54 +0000
Subject: [PATCH] Make replace(), split_part(), and string_to_array() behave somewhat sanely when handed an invalidly-encoded pattern. The previous coding could get into an infinite loop if pg_mb2wchar_with_len() returned a zero-length string after we'd tested for nonempty pattern; which is exactly what it will do if the string consists only of an incomplete multibyte character. This led to either an out-of-memory error or a backend crash depending on platform. Per report from Wiktor Wodecki.
---
 src/backend/utils/adt/varlena.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/src/backend/utils/adt/varlena.c b/src/backend/utils/adt/varlena.c
index 897bf571d96..2c76e354c45 100644
--- a/src/backend/utils/adt/varlena.c
+++ b/src/backend/utils/adt/varlena.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.92.2.5 2006/05/21 20:07:11 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.92.2.6 2007/07/19 20:34:54 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -698,20 +698,23 @@ text_position(Datum str, Datum search_str, int matchnum)
 (void) pg_mb2wchar_with_len((unsigned char *) VARDATA(t2), p2, len2);
 len2 = pg_wchar_strlen(p2);
- /* no use in searching str past point where search_str will fit */
- px = (len1 - len2);
-
- for (p = 0; p <= px; p++)
+ if (len1 > 0 && len2 > 0)
 {
- if ((*p2 == *p1) && (pg_wchar_strncmp(p1, p2, len2) == 0))
+ /* no use in searching str past point where search_str will fit */
+ px = (len1 - len2);
+
+ for (p = 0; p <= px; p++)
 {
- if (++match == matchnum)
+ if ((*p2 == *p1) && (pg_wchar_strncmp(p1, p2, len2) == 0))
 {
- pos = p + 1;
- break;
+ if (++match == matchnum)
+ {
+ pos = p + 1;
+ break;
+ }
 }
+ p1++;
 }
- p1++;
 }
 pfree(ps1);
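Review bot: The new `if (len1 > 0 && len2 > 0)` guard in the wide-character search of text_position carries no comment saying why a zero length can occur at this point, so a later reader may take it as redundant with the callers' non-empty-pattern tests and remove it. I would put above it `/* after conversion len2 can be 0 (pattern is only an incomplete multibyte character); report no match so callers never get a zero-length hit and loop */`. The guard makes an invalidly-encoded pattern quietly return "not found" instead of raising an encoding error; if that is the intended behaviour, the comment should say so. text_position starts and ends outside this hunk, so whether any other search path in the function needs the same guard cannot be judged from here.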