diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2007-07-19 20:34:48 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2007-07-19 20:34:48 +0000 |
| commit | 6e606074e1548a0847040f6ec789867826a4b0f9 (patch) | |
| tree | 1fc698e9ec45745c6b66ccc5c0c1fbf9e3982572 /src/backend/utils/adt/varlena.c | |
| parent | da15b2852e89c9b3348759febd864c436a78e3b9 (diff) | |
| download | postgresql-6e606074e1548a0847040f6ec789867826a4b0f9.tar.gz postgresql-6e606074e1548a0847040f6ec789867826a4b0f9.zip | |
Make replace(), split_part(), and string_to_array() behave somewhat sanely
when handed an invalidly-encoded pattern. The previous coding could get
into an infinite loop if pg_mb2wchar_with_len() returned a zero-length
string after we'd tested for nonempty pattern; which is exactly what it
will do if the string consists only of an incomplete multibyte character.
This led to either an out-of-memory error or a backend crash depending
on platform. Per report from Wiktor Wodecki.
Diffstat (limited to 'src/backend/utils/adt/varlena.c')
| -rw-r--r-- | src/backend/utils/adt/varlena.c | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/src/backend/utils/adt/varlena.c b/src/backend/utils/adt/varlena.c index 37de64b46a0..5f6ae36cee7 100644 --- a/src/backend/utils/adt/varlena.c +++ b/src/backend/utils/adt/varlena.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.106.2.7 2006/10/07 00:12:12 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.106.2.8 2007/07/19 20:34:48 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -799,22 +799,25 @@ text_position(Datum str, Datum search_str, int matchnum) (void) pg_mb2wchar_with_len((unsigned char *) VARDATA(t2), p2, len2); len2 = pg_wchar_strlen(p2); - /* no use in searching str past point where search_str will fit */ - px = (len1 - len2); - - for (p = 0; p <= px; p++) + if (len1 > 0 && len2 > 0) { - if ((*p2 == *p1) && (pg_wchar_strncmp(p1, p2, len2) == 0)) + /* no use in searching str past point where search_str will fit */ + px = (len1 - len2); + + for (p = 0; p <= px; p++) { - if (++match == matchnum) + if ((*p2 == *p1) && (pg_wchar_strncmp(p1, p2, len2) == 0)) { - pos = p + 1; - break; + if (++match == matchnum) + { + pos = p + 1; + break; + } + p1 += len2 - 1; + p += len2 - 1; } - p1 += len2 - 1; - p += len2 - 1; + p1++; } - p1++; } pfree(ps1); |