database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-03 09:13:20 +03:00
Code Activity

Fix off-by-one in memory allocation for quote_literal_cstr().

Browse Source 
The calculation didn't take into account the NULL terminator. That lead
to overwriting the palloc'd buffer by one byte, if the input consists
entirely of backslashes. For example "format('%L', E'\\')".

Fixes bug #14468. Backpatch to all supported versions.

Report: https://www.postgresql.org/message-id/20161216105001.13334.42819%40wrigleys.postgresql.org
This commit is contained in:
Heikki Linnakangas
2016-12-16 12:50:20 +02:00
parent ccf24539b6
commit e71fe84708
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/backend/utils/adt/quote.c
View File

@@ -107,7 +107,7 @@ quote_literal_cstr(const char *rawstr)
len = strlen(rawstr); len = strlen(rawstr);
/* We make a worst-case result area; wasting a little space is OK */ /* We make a worst-case result area; wasting a little space is OK */
result = palloc(len * 2 + 3); result = palloc(len * 2 + 3 + 1);
newlen = quote_literal_internal(result, rawstr, len); newlen = quote_literal_internal(result, rawstr, len);
result[newlen] = '\0'; result[newlen] = '\0';