diff options
| author | Andres Freund <andres@anarazel.de> | 2025-02-14 17:44:28 -0500 |
|---|---|---|
| committer | Andres Freund <andres@anarazel.de> | 2025-02-14 18:09:19 -0500 |
| commit | efdadeb2238f5b5f0f32df2f3e7d277d1faf1c4f (patch) | |
| tree | ae4fb4a8dde9e507ec835c2d115ded5d948bc0e7 /src/fe_utils/string_utils.c | |
| parent | 7720082ae53280857f1eacb86134a9a759290f40 (diff) | |
| download | postgresql-efdadeb2238f5b5f0f32df2f3e7d277d1faf1c4f.tar.gz postgresql-efdadeb2238f5b5f0f32df2f3e7d277d1faf1c4f.zip | |
Fix PQescapeLiteral()/PQescapeIdentifier() length handling
In 5dc1e42b4fa I fixed bugs in various escape functions, unfortunately as part
of that I introduced a new bug in PQescapeLiteral()/PQescapeIdentifier(). The
bug is that I made PQescapeInternal() just use strlen(), rather than taking
the specified input length into account.
That's bad, because it can lead to including input that wasn't intended to be
included (in case len is shorter than null termination of the string) and
because it can lead to reading invalid memory if the input string is not null
terminated.
Expand test_escape to this kind of bug:
a) for escape functions with length support, append data that should not be
escaped and check that it is not
b) add valgrind requests to detect access of bytes that should not be touched
Author: Tom Lane <tgl@sss.pgh.pa.us>
Author: Andres Freund <andres@anarazel.de
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Noah Misch <noah@leadboat.com>
Discussion: https://postgr.es/m/Z64jD3u46gObCo1p@pryzbyj2023
Backpatch: 13
Diffstat (limited to 'src/fe_utils/string_utils.c')
0 files changed, 0 insertions, 0 deletions