diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2013-01-20 23:43:56 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2013-01-20 23:43:56 -0500 |
| commit | 2e892a15b966f5183b8aec8f4ba9d4133d2c1941 (patch) | |
| tree | d2dd1223d9f9edf0a6f95a555516133e1f7eb35b | |
| parent | 4a6232cce315f58bb674dd7ce6bd9166aa58fdb3 (diff) | |
| download | postgresql-2e892a15b966f5183b8aec8f4ba9d4133d2c1941.tar.gz postgresql-2e892a15b966f5183b8aec8f4ba9d4133d2c1941.zip | |
Fix one-byte buffer overrun in PQprintTuples().
This bug goes back to the original Postgres95 sources. Its significance
to modern PG versions is marginal, since we have not used PQprintTuples()
internally in a very long time, and it doesn't seem to have ever been
documented either. Still, it *is* exposed to client apps, so somebody
out there might possibly be using it.
Xi Wang
| -rw-r--r-- | src/interfaces/libpq/fe-print.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/interfaces/libpq/fe-print.c b/src/interfaces/libpq/fe-print.c index 5fa3be00457..b7849b70e52 100644 --- a/src/interfaces/libpq/fe-print.c +++ b/src/interfaces/libpq/fe-print.c @@ -681,7 +681,6 @@ PQprintTuples(const PGresult *res, int i, j; char formatString[80]; - char *tborder = NULL; nFields = PQnfields(res); @@ -700,15 +699,15 @@ PQprintTuples(const PGresult *res, int width; width = nFields * 14; - tborder = malloc(width + 1); + tborder = (char *) malloc(width + 1); if (!tborder) { fprintf(stderr, libpq_gettext("out of memory\n")); exit(1); } - for (i = 0; i <= width; i++) + for (i = 0; i < width; i++) tborder[i] = '-'; - tborder[i] = '\0'; + tborder[width] = '\0'; fprintf(fout, "%s\n", tborder); } |