Home > mailing lists

[BUGS] BUG #14468: One byte buffer overlow in quote_literal_cstr() - Mailing list pgsql-bugs

From	hlinnaka@iki.fi
Subject	[BUGS] BUG #14468: One byte buffer overlow in quote_literal_cstr()
Date	December 16, 2016 16:50:01
Msg-id	20161216105001.13334.42819@wrigleys.postgresql.org Whole thread Raw
Responses	Re: [BUGS] BUG #14468: One byte buffer overlow inquote_literal_cstr()
List	pgsql-bugs

Tree view

The following bug has been logged on the website:

Bug reference:      14468
Logged by:          Heikki Linnakangas
Email address:      hlinnaka@iki.fi
PostgreSQL version: 9.6.1
Operating system:   All
Description:

postgres=# select format('%L', E'\\');
WARNING:  detected write past chunk end in ExprContext 0x55c65ff98fa8
 format 
--------
 E'\\'
(1 row)


This was originally reported against Greenplum, at
https://github.com/greenplum-db/gpdb/issues/1301. The code there isn't quite
the same, but it turned out to be a shared bug.

Looking at quote_literal_cstr(), it simply doesn't take into account the
space needed for the NULL terminator, when it allocates the buffer. The fix
is a straightforward + 1 to the allocation. I'll go and do that shortly, and
backpatch.


--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

pgsql-bugs by date:

From: Rahul Kumar
Date: 16 December 2016, 15:53:48
Subject: Re: [BUGS] BUG #14467: Insertion Issue with Hibernate

From: Alvaro Herrera
Date: 16 December 2016, 20:43:51
Subject: Re: [BUGS] BUG #14468: One byte buffer overlow inquote_literal_cstr()

[BUGS] BUG #14468: One byte buffer overlow in quote_literal_cstr() - Mailing list pgsql-bugs

Previous

Next