Re: upper() problem in 7.0.2
От | Tom Lane |
---|---|
Тема | Re: upper() problem in 7.0.2 |
Дата | |
Msg-id | 13652.963005650@sss.pgh.pa.us обсуждение исходный текст |
Ответ на | Re: upper() problem in 7.0.2 (Tom Lane <tgl@sss.pgh.pa.us>) |
Список | pgsql-bugs |
I wrote: > Oooh, I see it ... nasty! fixedlen_like is effectively assuming that > it can access one byte beyond the end of the data string. You've > managed to set up a situation where one byte beyond falls off the > end of the world (or the end of the backend's allocated memory, anyway). Turns out there were several places with this problem. Attached is a patch against 7.0.* sources. regards, tom lane *** src/backend/utils/adt/like.c.orig Wed Apr 12 13:15:50 2000 --- src/backend/utils/adt/like.c Fri Jul 7 17:29:57 2000 *************** *** 50,56 **** (void) pg_mb2wchar_with_len((unsigned char *) s, sterm, charlen); #else sterm = (char *) palloc(charlen + 1); ! StrNCpy(sterm, s, charlen + 1); #endif /* --- 50,57 ---- (void) pg_mb2wchar_with_len((unsigned char *) s, sterm, charlen); #else sterm = (char *) palloc(charlen + 1); ! memcpy(sterm, s, charlen); ! sterm[charlen] = '\0'; #endif /* *** src/backend/utils/adt/regexp.c.orig Wed Jan 26 00:57:14 2000 --- src/backend/utils/adt/regexp.c Fri Jul 7 17:29:57 2000 *************** *** 182,188 **** /* be sure sterm is null-terminated */ sterm = (char *) palloc(charlen + 1); ! StrNCpy(sterm, s, charlen + 1); result = RE_compile_and_execute(p, sterm, cflags); --- 182,189 ---- /* be sure sterm is null-terminated */ sterm = (char *) palloc(charlen + 1); ! memcpy(sterm, s, charlen); ! sterm[charlen] = '\0'; result = RE_compile_and_execute(p, sterm, cflags); *** src/backend/utils/adt/varchar.c.orig Wed Apr 12 13:15:52 2000 --- src/backend/utils/adt/varchar.c Fri Jul 7 17:29:57 2000 *************** *** 117,123 **** { len = VARSIZE(s) - VARHDRSZ; result = (char *) palloc(len + 1); ! StrNCpy(result, VARDATA(s), len + 1); /* these are blank-padded */ } #ifdef CYR_RECODE --- 117,124 ---- { len = VARSIZE(s) - VARHDRSZ; result = (char *) palloc(len + 1); ! memcpy(result, VARDATA(s), len); ! result[len] = '\0'; } #ifdef CYR_RECODE *************** *** 249,256 **** return NULL; len = VARSIZE(s) - VARHDRSZ; ! if (len > NAMEDATALEN) ! len = NAMEDATALEN; while (len > 0) { --- 250,257 ---- return NULL; len = VARSIZE(s) - VARHDRSZ; ! if (len >= NAMEDATALEN) ! len = NAMEDATALEN-1; while (len > 0) { *************** *** 265,271 **** #endif result = (NameData *) palloc(NAMEDATALEN); ! StrNCpy(NameStr(*result), VARDATA(s), NAMEDATALEN); /* now null pad to full length... */ while (len < NAMEDATALEN) --- 266,272 ---- #endif result = (NameData *) palloc(NAMEDATALEN); ! memcpy(NameStr(*result), VARDATA(s), len); /* now null pad to full length... */ while (len < NAMEDATALEN) *************** *** 297,303 **** #endif result = (char *) palloc(VARHDRSZ + len); ! strncpy(VARDATA(result), NameStr(*s), len); VARSIZE(result) = len + VARHDRSZ; return result; --- 298,304 ---- #endif result = (char *) palloc(VARHDRSZ + len); ! memcpy(VARDATA(result), NameStr(*s), len); VARSIZE(result) = len + VARHDRSZ; return result; *************** *** 354,360 **** { len = VARSIZE(s) - VARHDRSZ; result = (char *) palloc(len + 1); ! StrNCpy(result, VARDATA(s), len + 1); } #ifdef CYR_RECODE --- 355,362 ---- { len = VARSIZE(s) - VARHDRSZ; result = (char *) palloc(len + 1); ! memcpy(result, VARDATA(s), len); ! result[len] = '\0'; } #ifdef CYR_RECODE
В списке pgsql-bugs по дате отправления:
Следующее
От: "Robert B. Easter"Дата:
Сообщение: pg_dump of functions containing \' fail to restore (if not corrected by hand)