author | Tom Lane <tgl@sss.pgh.pa.us> | 2003-10-03 18:26:14 +0000 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2003-10-03 18:26:14 +0000 |
commit | 251033186ff575cf130ec53daa996749022fbad3 (patch) | |
tree | ba5c4f571541863bea9cd8164ba3cfe40fbedbb8 | |
parent | 3b4c142030de5e016cb7b87a0bbcb070aab997cd (diff) | |
Cause PQescapeString to stop processing at a null character, rather
than generating an invalid output string. Per observation and patch
from Igor Shevchenko. Further code cleanup and documentation by
Tom Lane.
-rw-r--r-- | doc/src/sgml/libpq.sgml | 13 | ||||
-rw-r--r-- | src/interfaces/libpq/fe-exec.c | 42 |
2 files changed, 29 insertions, 26 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index cd2a8f491ff..37e1fffb5fe 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1,5 +1,5 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.137 2003/09/20 20:12:05 tgl Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.138 2003/10/03 18:26:14 tgl Exp $ --> <chapter id="libpq"> @@ -1972,10 +1972,13 @@ size_t PQescapeString (char *to, const char *from, size_t length); <para> The parameter <parameter>from</> points to the first character of the string -that -is to be escaped, and the <parameter>length</> parameter gives the -number of characters in this string. (A terminating zero byte is -neither necessary nor counted.) <parameter>to</> shall point to a +that is to be escaped, and the <parameter>length</> parameter gives the +number of characters in this string. A terminating zero byte is not +required, and should not be counted in <parameter>length</>. (If +a terminating zero byte is found before <parameter>length</> bytes are +processed, <function>PQescapeString</> stops at the zero; the behavior +is thus rather like <function>strncpy</>.) +<parameter>to</> shall point to a buffer that is able to hold at least one more character than twice the value of <parameter>length</>, otherwise the behavior is undefined. A call to <function>PQescapeString</> writes an escaped diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c index 6f23fde1e40..6d159a9a35a 100644 --- a/src/interfaces/libpq/fe-exec.c +++ b/src/interfaces/libpq/fe-exec.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.149 2003/10/02 14:47:44 tgl Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.150 2003/10/03 18:26:14 tgl Exp $ * *------------------------------------------------------------------------- */ 
@@ -2143,47 +2143,47 @@ PQfreeNotify(PGnotify *notify) } -/* --------------- - * Escaping arbitrary strings to get valid SQL strings/identifiers. +/* + * Escaping arbitrary strings to get valid SQL literal strings. * * Replaces "\\" with "\\\\" and "'" with "''". - * length is the length of the buffer pointed to by - * from. The buffer at to must be at least 2*length + 1 characters - * long. A terminating NUL character is written. - * --------------- + * + * length is the length of the source string. (Note: if a terminating NUL + * is encountered sooner, PQescapeString stops short of "length"; the behavior + * is thus rather like strncpy.) + * + * For safety the buffer at "to" must be at least 2*length + 1 bytes long. + * A terminating NUL character is added to the output string, whether the + * input is NUL-terminated or not. + * + * Returns the actual length of the output (not counting the terminating NUL). */ - size_t PQescapeString(char *to, const char *from, size_t length) { const char *source = from; char *target = to; - unsigned int remaining = length; + size_t remaining = length; - while (remaining > 0) + while (remaining > 0 && *source != '\0') { switch (*source) { case '\\': - *target = '\\'; - target++; - *target = '\\'; - /* target and remaining are updated below. */ + *target++ = '\\'; + *target++ = '\\'; break; case '\'': - *target = '\''; - target++; - *target = '\''; - /* target and remaining are updated below. */ + *target++ = '\''; + *target++ = '\''; break; default: - *target = *source; - /* target and remaining are updated below. */ + *target++ = *source; + break; } source++; - target++; remaining--; } |
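Review bot: The escaping loop in PQescapeString still examines the input one byte at a time, and the signature `(char *to, const char *from, size_t length)` gives it no way to learn the client encoding, so the rewritten header comment should state that limit. In a multibyte encoding where a trailing byte can have the same value as `\` or `'`, the doubling in the `case '\\':` and `case '\'':` arms would presumably alter a character rather than escape a quote; this should be confirmed against the encodings libpq supports. I would add `* Note: input is examined byte by byte, with no knowledge of the client encoding.` to the comment, and also say that bytes after an embedded NUL are dropped silently, so a caller can only notice by comparing the return value with the length it expected. The end of the function (the terminating-NUL write and the return) lies outside the hunk.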