author | Tom Lane <tgl@sss.pgh.pa.us> | 2016-05-23 14:16:41 -0400 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2016-05-23 14:16:41 -0400 |
commit | a0cc89a28141595d888d8aba43163d58a1578bfb (patch) | |
tree | fa0ec52b973964d7ad987b64e84b915225f11173 /src/backend/executor/execTuples.c | |
parent | 9561f6e97790613d2e02f1af44913402c8858dd6 (diff) | |
Fix latent crash in do_text_output_multiline().

do_text_output_multiline() would fail (typically with a null pointer
dereference crash) if its input string did not end with a newline. Such
cases do not arise in our current sources; but it certainly could happen
in future, or in extension code's usage of the function, so we should fix
it. To fix, replace "eol += len" with "eol = text + len".

While at it, make two cosmetic improvements: mark the input string const,
and rename the argument from "text" to "txt" to dodge pgindent strangeness
(since "text" is a typedef name).

Even though this problem is only latent at present, it seems like a good
idea to back-patch the fix, since it's a very simple/safe patch and it's
not out of the realm of possibility that we might in future back-patch
something that expects sane behavior from do_text_output_multiline().

Per report from Hao Lee.

Report: <CAGoxFiFPAGyPAJLcFxTB5cGhTW2yOVBDYeqDugYwV4dEd1L_Ag@mail.gmail.com>
Diffstat (limited to 'src/backend/executor/execTuples.c')
-rw-r--r-- | src/backend/executor/execTuples.c | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/src/backend/executor/execTuples.c b/src/backend/executor/execTuples.c index 4f5fcf6b696..3338152bf02 100644 --- a/src/backend/executor/execTuples.c +++ b/src/backend/executor/execTuples.c @@ -1285,33 +1285,32 @@ do_tup_output(TupOutputState *tstate, Datum *values, bool *isnull) * Should only be used with a single-TEXT-attribute tupdesc. */ void -do_text_output_multiline(TupOutputState *tstate, char *text) +do_text_output_multiline(TupOutputState *tstate, const char *txt) { Datum values[1]; bool isnull[1] = {false}; - while (*text) + while (*txt) { - char *eol; + const char *eol; int len; - eol = strchr(text, '\n'); + eol = strchr(txt, '\n'); if (eol) { - len = eol - text; - + len = eol - txt; eol++; } else { - len = strlen(text); - eol += len; + len = strlen(txt); + eol = txt + len; } - values[0] = PointerGetDatum(cstring_to_text_with_len(text, len)); + values[0] = PointerGetDatum(cstring_to_text_with_len(txt, len)); do_tup_output(tstate, values, isnull); pfree(DatumGetPointer(values[0])); - text = eol; + txt = eol; } } |
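Review bot: The else branch now relies on `eol = txt + len;` landing exactly on the terminating NUL so that `while (*txt)` exits, but nothing in the function or its header comment says so; a one-line comment there, plus a sentence in the header stating that the input need not end with a newline, would keep a later edit from reintroducing the NULL-based arithmetic that `eol += len` performed when `strchr` found no newline. Separately, `len` stays an `int` while it receives `strlen(txt)` and `eol - txt`; because the else branch derives `eol` from `len`, it is worth stating (or asserting) that the line length fits in an `int`, which is also what `cstring_to_text_with_len` is passed.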