Re: pg17.3 PQescapeIdentifier() ignores len - Mailing list pgsql-hackers

Justin Pryzby <pryzby@telsasoft.com> writes:
> The fprintf suggests that since 5dc1e42b4 PQescapeIdentifier ignores its len.

Ugh, yes.  Need something like the attached.

FTR, 5dc1e42b4 et al were quite subtle patches done under extreme time
pressure.  I wonder if they have any other issues.  More eyes on those
patches would be welcome, now that they are public.

            regards, tom lane

diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c
index e97ad02542..120d4d032e 100644
--- a/src/interfaces/libpq/fe-exec.c
+++ b/src/interfaces/libpq/fe-exec.c
@@ -4224,7 +4224,7 @@ PQescapeInternal(PGconn *conn, const char *str, size_t len, bool as_ident)
     char       *rp;
     int            num_quotes = 0; /* single or double, depending on as_ident */
     int            num_backslashes = 0;
-    size_t        input_len = strlen(str);
+    size_t        input_len = strnlen(str, len);
     size_t        result_size;
     char        quote_char = as_ident ? '"' : '\'';
     bool        validated_mb = false;
@@ -4274,7 +4274,7 @@ PQescapeInternal(PGconn *conn, const char *str, size_t len, bool as_ident)
             if (!validated_mb)
             {
                 if (pg_encoding_verifymbstr(conn->client_encoding, s, remaining)
-                    != strlen(s))
+                    != remaining)
                 {
                     libpq_append_conn_error(conn, "invalid multibyte character");
                     return NULL;