
Commit 0fe5a4c

Fix off-by-one in memory allocation for quote_literal_cstr().

The calculation didn't take into account the NULL terminator. That led to overwriting the palloc'd buffer by one byte, if the input consists entirely of backslashes. For example "format('%L', E'\\')".

Fixes bug #14468. Backpatch to all supported versions.

Report: https://www.postgresql.org/message-id/20161216105001.13334.42819%40wrigleys.postgresql.org
1 parent 6f4d38d commit 0fe5a4c

1 file changed

+1
-1
lines changed

src/backend/utils/adt/quote.c

+1-1
@@ -107,7 +107,7 @@ quote_literal_cstr(const char *rawstr)
107107

108108
len = strlen(rawstr);
109109
/* We make a worst-case result area; wasting a little space is OK */
110-
result = palloc(len * 2 + 3);
110+
result = palloc(len * 2 + 3 + 1);
111111

112112
newlen = quote_literal_internal(result, rawstr, len);
113113
result[newlen] = '\0';
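
Review bot: the comment above the changed `palloc` call still says only "worst-case result area" and does not explain the size expression, so `len * 2 + 3 + 1` reads as a magic number and the trailing `+ 1` looks like slack rather than required space. Because `result[newlen] = '\0'` stores a terminator after the `newlen` bytes written by `quote_literal_internal()`, the comment should state which term reserves that byte and what the `3` accounts for, so a later cleanup does not fold the `+ 1` away. The commit message gives a reproducer (`format('%L', E'\\')`), but only `quote.c` is changed here; adding that all-backslash input as a regression test would keep the worst case covered.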
