diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2014-12-16 15:35:33 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2014-12-16 15:35:33 -0500 |
| commit | 66709133c7e5506be19bf56a82f45dd150f74732 (patch) | |
| tree | 2291598f4d82a369a445483606c7fa75b46ee605 /src/backend/access/gist/gistget.c | |
| parent | de8e46f5f5785f4016aabf2aa231faa89a0746fb (diff) | |
| download | postgresql-66709133c7e5506be19bf56a82f45dd150f74732.tar.gz postgresql-66709133c7e5506be19bf56a82f45dd150f74732.zip | |
Fix off-by-one loop count in MapArrayTypeName, and get rid of static array.
MapArrayTypeName would copy up to NAMEDATALEN-1 bytes of the base type
name, which of course is wrong: after prepending '_' there is only room for
NAMEDATALEN-2 bytes. Aside from being the wrong result, this case would
lead to overrunning the statically allocated work buffer. This would be a
security bug if the function were ever used outside bootstrap mode, but it
isn't, at least not in any currently supported branches.
Aside from fixing the off-by-one loop logic, this patch gets rid of the
static work buffer by having MapArrayTypeName pstrdup its result; the sole
caller was already doing that, so this just requires moving the pstrdup
call. This saves a few bytes but mainly it makes the API a lot cleaner.
Back-patch on the off chance that there is some third-party code using
MapArrayTypeName with less-secure input. Pushing pstrdup into the function
should not cause any serious problems for such hypothetical code; at worst
there might be a short term memory leak.
Per Coverity scanning.
Diffstat (limited to 'src/backend/access/gist/gistget.c')
0 files changed, 0 insertions, 0 deletions