rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix off-by-one in memory allocation for quote_literal_cstr(). 

The calculation didn't take into account the NULL terminator. That lead
to overwriting the palloc'd buffer by one byte, if the input consists
entirely of backslashes. For example "format('%L', E'\\')".

Fixes bug #14468. Backpatch to all supported versions.

Report: https://www.postgresql.org/message-id/20161216105001.13334.42819%40wrigleys.postgresql.org
This commit is contained in:
Heikki Linnakangas 2016-12-16 12:50:20 +02:00
parent 93513d1b65
commit 4f5182e18d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/backend/utils/adt/quote.c
View File

@ -107,7 +107,7 @@ quote_literal_cstr(const char *rawstr)
len = strlen(rawstr);
/* We make a worst-case result area; wasting a little space is OK */
result = palloc(len * 2 + 3);
result = palloc(len * 2 + 3 + 1);
newlen = quote_literal_internal(result, rawstr, len);
result[newlen] = '\0';