Home > mailing lists

Re: [BUGS] BUG #14468: One byte buffer overlow inquote_literal_cstr() - Mailing list pgsql-bugs

From	Alvaro Herrera
Subject	Re: [BUGS] BUG #14468: One byte buffer overlow inquote_literal_cstr()
Date	December 16, 2016 20:43:51
Msg-id	20161216144351.apdbuk4je5ywekle@alvherre.pgsql Whole thread Raw
In response to	[BUGS] BUG #14468: One byte buffer overlow in quote_literal_cstr() (hlinnaka@iki.fi)
List	pgsql-bugs

Tree view

hlinnaka@iki.fi wrote:

> Looking at quote_literal_cstr(), it simply doesn't take into account the
> space needed for the NULL terminator, when it allocates the buffer. The fix
> is a straightforward + 1 to the allocation. I'll go and do that shortly, and
> backpatch.

Hm, that's a bit confusing.  I thought the +3 included the terminator,
but what it's actually for is the optional starting E; and the reason
quote_literal doesn't need similar patching it is that there is no
terminator 'cause it produces varlena.  I would think this deserves a
comment ...

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

pgsql-bugs by date:

From: hlinnaka@iki.fi
Date: 16 December 2016, 16:50:01
Subject: [BUGS] BUG #14468: One byte buffer overlow in quote_literal_cstr()

From: Jeff Janes
Date: 17 December 2016, 02:47:03
Subject: Re: [BUGS] pg_dump's results have quite different size

Re: [BUGS] BUG #14468: One byte buffer overlow inquote_literal_cstr() - Mailing list pgsql-bugs

Previous

Next