pgsql: Fix off-by-one loop count in MapArrayTypeName, and get rid of st
| От | Tom Lane |
|---|---|
| Тема | pgsql: Fix off-by-one loop count in MapArrayTypeName, and get rid of st |
| Дата | |
| Msg-id | E1Y0yqs-0008VI-Fm@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
Fix off-by-one loop count in MapArrayTypeName, and get rid of static array. MapArrayTypeName would copy up to NAMEDATALEN-1 bytes of the base type name, which of course is wrong: after prepending '_' there is only room for NAMEDATALEN-2 bytes. Aside from being the wrong result, this case would lead to overrunning the statically allocated work buffer. This would be a security bug if the function were ever used outside bootstrap mode, but it isn't, at least not in any currently supported branches. Aside from fixing the off-by-one loop logic, this patch gets rid of the static work buffer by having MapArrayTypeName pstrdup its result; the sole caller was already doing that, so this just requires moving the pstrdup call. This saves a few bytes but mainly it makes the API a lot cleaner. Back-patch on the off chance that there is some third-party code using MapArrayTypeName with less-secure input. Pushing pstrdup into the function should not cause any serious problems for such hypothetical code; at worst there might be a short term memory leak. Per Coverity scanning. Branch ------ REL9_3_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/53960e7eb34618c96f4d17216e6a3f92ac98c749 Modified Files -------------- src/backend/bootstrap/bootscanner.l | 2 +- src/backend/bootstrap/bootstrap.c | 31 +++++++++++++------------------ src/include/bootstrap/bootstrap.h | 2 +- 3 files changed, 15 insertions(+), 20 deletions(-)
В списке pgsql-committers по дате отправления: