Thread: Fix memcmp() with different sizes.

Fix memcmp() with different sizes.

From
Kurt Roeckx
Date:
Not everything in the re_array is the same size.  This patch
first checks that they actually are the same size in the first
place.


Kurt


Re: Fix memcmp() with different sizes.

From
Tom Lane
Date:
Kurt Roeckx <Q@ping.be> writes:
> -        if (memcmp(re_array[i].cre_pat, text_re, text_re_len) == 0 &&
> +        if (VARSIZE(re_array[i].cre_pat) == text_re_len &&
> +        memcmp(re_array[i].cre_pat, text_re, text_re_len) == 0 &&
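
Review bot: the added VARSIZE(re_array[i].cre_pat) == text_re_len test carries no comment saying why it has to come before the memcmp(), and without one it reads as redundant, since the length word is already among the bytes being compared. Suggest a one-line comment above the condition stating that cre_pat entries differ in size and that memcmp() is given text_re_len bytes whatever the size of the entry, so the size test must stay first in the && chain. The equality is also only meaningful if text_re_len is the full VARSIZE of text_re, header included, which this hunk does not show; worth confirming at the point where text_re_len is set. Minor style point: the memcmp( continuation line sits at the same indent as the if ( instead of under the first operand.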

This is not actually broken.  The first four bytes of what memcmp is
comparing are the length, and so it'll fall out immediately anyway if
the lengths differ.

            regards, tom lane

Re: Fix memcmp() with different sizes.

From
Kurt Roeckx
Date:
On Mon, Feb 02, 2004 at 09:27:46PM -0500, Tom Lane wrote:
> Kurt Roeckx <Q@ping.be> writes:
> > -        if (memcmp(re_array[i].cre_pat, text_re, text_re_len) == 0 &&
> > +        if (VARSIZE(re_array[i].cre_pat) == text_re_len &&
> > +        memcmp(re_array[i].cre_pat, text_re, text_re_len) == 0 &&
>
> This is not actually broken.  The first four bytes of what memcmp is
> comparing are the length, and so it'll fall out immediately anyway if
> the lengths differ.

That assumes the memcmp starts from the first char and not from
the last.  If it starts from the last you have undefined
behaviour.


Kurt


Re: Fix memcmp() with different sizes.

From
Tom Lane
Date:
Kurt Roeckx <Q@ping.be> writes:
> That assumes the memcmp starts from the first char and not from
> the last.  If it starts from the last you have undefined
> behaviour.

Hmm.  I suppose you could get a reference off the end of memory;
pretty improbable but we have actually seen similar bugs in the field.
Okay, will fix.

            regards, tom lane
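
Added example, not part of the thread and not PostgreSQL code: a cache scan over length-prefixed values that tests the size before calling memcmp(), plus a helper that reports how many bytes past a shorter entry an unchecked memcmp() would be allowed to read. The names blob, blob_new, unchecked_overread, blob_matches and cache_lookup are hypothetical, and the sample patterns are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-prefixed value: total size, then payload. */
typedef struct {
    uint32_t size;   /* total bytes, header included */
    char     data[]; /* size - sizeof(uint32_t) payload bytes */
} blob;

/* Allocate a blob at exactly its own size, as a cached pattern would be. */
static blob *blob_new(const char *s)
{
    size_t n = strlen(s);
    blob *b = malloc(sizeof(uint32_t) + n);
    if (b == NULL)
        abort();
    b->size = (uint32_t)(sizeof(uint32_t) + n);
    memcpy(b->data, s, n);
    return b;
}

/* Bytes past the end of stored that memcmp(stored, probe, probe_len) may touch with no size check. */
static size_t unchecked_overread(const blob *stored, size_t probe_len)
{
    return probe_len > stored->size ? probe_len - stored->size : 0;
}

/* Size test first, so memcmp only runs over two objects of equal length. */
static int blob_matches(const blob *stored, const blob *probe)
{
    return stored->size == probe->size &&
           memcmp(stored, probe, probe->size) == 0;
}

/* Cache scan shaped like the patched condition; returns the index or -1. */
static int cache_lookup(blob *const *cache, int n, const blob *probe)
{
    for (int i = 0; i < n; i++)
        if (cache[i] != NULL && blob_matches(cache[i], probe))
            return i;
    return -1;
}

int main(void)
{
    blob *cache[2] = { blob_new("a+"), blob_new("^[0-9]+$") }; /* constructed */
    blob *probe = blob_new("^[0-9]+$");
    return cache_lookup(cache, 2, probe) == 1 ? 0 : 1;
}
```

Building the unchecked variant with AddressSanitizer is a quick way to see the over-read reported on the shorter entry.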