Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit fd5bac6

Browse files
tglsfdctglsfdc
committed
Fix coredump due to writing one more byte than we'd allocated.
1 parent ae293d3 commit fd5bac6

File tree

1 file changed

+14
-7
lines changed

1 file changed

+14
-7
lines changed

src/bin/pg_dump/pg_backup_custom.c

+14-7
Original file line numberDiff line numberDiff line change
@@ -150,7 +150,14 @@ void InitArchiveFmt_Custom(ArchiveHandle* AH)
150150
if (ctx->zp == NULL)
151151
die_horribly(AH, "%s: unable to allocate zlib stream archive context",progname);
152152

153-
ctx->zlibOut = (char*)malloc(zlibOutSize);
153+
/*
154+
* zlibOutSize is the buffer size we tell zlib it can output to. We
155+
* actually allocate one extra byte because some routines want to append
156+
* a trailing zero byte to the zlib output. The input buffer is expansible
157+
* and is always of size ctx->inSize; zlibInSize is just the initial
158+
* default size for it.
159+
*/
160+
ctx->zlibOut = (char*)malloc(zlibOutSize+1);
154161
ctx->zlibIn = (char*)malloc(zlibInSize);
155162
ctx->inSize = zlibInSize;
156163
ctx->filePos = 0;
@@ -518,14 +525,14 @@ static void _PrintData(ArchiveHandle* AH)
518525

519526
blkLen = ReadInt(AH);
520527
while (blkLen != 0) {
521-
if (blkLen > (ctx->inSize - 1)) {
528+
if (blkLen+1 > ctx->inSize) {
522529
free(ctx->zlibIn);
523530
ctx->zlibIn = NULL;
524-
ctx->zlibIn = (char*)malloc(blkLen);
531+
ctx->zlibIn = (char*)malloc(blkLen+1);
525532
if (!ctx->zlibIn)
526533
die_horribly(AH, "%s: failed to allocate decompression buffer\n", progname);
527534

528-
ctx->inSize = blkLen;
535+
ctx->inSize = blkLen+1;
529536
in = ctx->zlibIn;
530537
}
531538

@@ -848,7 +855,7 @@ static void _StartDataCompressor(ArchiveHandle* AH, TocEntry* te)
848855

849856
#endif
850857

851-
/* Just be paranoid - maye End is called after Start, with no Write */
858+
/* Just be paranoid - maybe End is called after Start, with no Write */
852859
zp->next_out = ctx->zlibOut;
853860
zp->avail_out = zlibOutSize;
854861
}
@@ -887,7 +894,7 @@ static int _DoDeflate(ArchiveHandle* AH, lclContext* ctx, int flush)
887894
/* printf("Wrote %d byte deflated chunk\n", zlibOutSize - zp->avail_out); */
888895
WriteInt(AH, zlibOutSize - zp->avail_out);
889896
if (fwrite(out, 1, zlibOutSize - zp->avail_out, AH->FH) != (zlibOutSize - zp->avail_out))
890-
die_horribly(AH, "%s: could write compressed chunk\n",progname);
897+
die_horribly(AH, "%s: could not write compressed chunk\n",progname);
891898
ctx->filePos += zlibOutSize - zp->avail_out;
892899
}
893900
zp->next_out = out;
@@ -899,7 +906,7 @@ static int _DoDeflate(ArchiveHandle* AH, lclContext* ctx, int flush)
899906
{
900907
WriteInt(AH, zp->avail_in);
901908
if (fwrite(zp->next_in, 1, zp->avail_in, AH->FH) != zp->avail_in)
902-
die_horribly(AH, "%s: could write uncompressed chunk\n", progname);
909+
die_horribly(AH, "%s: could not write uncompressed chunk\n", progname);
903910
ctx->filePos += zp->avail_in;
904911
zp->avail_in = 0;
905912
} else {

0 commit comments

Comments
 (0)