Fix off-by-one in memory allocation for quote_literal_cstr().

The calculation didn't take into account the NULL terminator. That lead to overwriting the palloc'd buffer by one byte, if the input consists entirely of backslashes. For example "format('%L', E'\\')". Fixes bug #14468. Backpatch to all supported versions. Report: https://www.postgresql.org/message-id/20161216105001.13334.42819%40wrigleys.postgresql.org
author: Heikki Linnakangas <heikki.linnakangas@iki.fi> 2016-12-16 12:50:20 +0200
committer: Heikki Linnakangas <heikki.linnakangas@iki.fi> 2016-12-16 12:52:50 +0200
commit: 0fe5a4cd7579289ac8b73feb61f72ef9e6995200 (patch)
tree: bf1bd3eb6f15403f35402e2b12ff2baf46b39706
parent: 6f4d38dbe06867df01dd62b52dae1654eba3976f (diff)
download: postgresql-0fe5a4cd7579289ac8b73feb61f72ef9e6995200.tar.gz
postgresql-0fe5a4cd7579289ac8b73feb61f72ef9e6995200.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/utils/adt/quote.c b/src/backend/utils/adt/quote.c
index 9bdde8bf816..a53afc13426 100644
--- a/src/backend/utils/adt/quote.c
+++ b/src/backend/utils/adt/quote.c
@@ -107,7 +107,7 @@ quote_literal_cstr(const char *rawstr)
 
 	len = strlen(rawstr);
 	/* We make a worst-case result area; wasting a little space is OK */
-	result = palloc(len * 2 + 3);
+	result = palloc(len * 2 + 3 + 1);
 
 	newlen = quote_literal_internal(result, rawstr, len);
 	result[newlen] = '\0';
author	Heikki Linnakangas <heikki.linnakangas@iki.fi>	2016-12-16 12:50:20 +0200
committer	Heikki Linnakangas <heikki.linnakangas@iki.fi>	2016-12-16 12:52:50 +0200
commit	0fe5a4cd7579289ac8b73feb61f72ef9e6995200 (patch)
tree	bf1bd3eb6f15403f35402e2b12ff2baf46b39706
parent	6f4d38dbe06867df01dd62b52dae1654eba3976f (diff)
download	postgresql-0fe5a4cd7579289ac8b73feb61f72ef9e6995200.tar.gz postgresql-0fe5a4cd7579289ac8b73feb61f72ef9e6995200.zip