diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2014-10-26 19:17:57 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2014-10-26 19:17:57 -0400 |
| commit | c53a82b99d98df393d7ba308bf1586b2201d0d65 (patch) | |
| tree | 68295b3ee99cd9ec4221f21d2156f824d6cd2d3e /src | |
| parent | 859e2b9dd4de94ef9a9ad34da3e39572e4f1d66f (diff) | |
| download | postgresql-c53a82b99d98df393d7ba308bf1586b2201d0d65.tar.gz postgresql-c53a82b99d98df393d7ba308bf1586b2201d0d65.zip | |
Fix undersized result buffer in pset_quoted_string().
The malloc request was 1 byte too small for the worst-case output.
This seems relatively unlikely to cause any problems in practice,
as the worst case only occurs if the input string contains no
characters other than single-quote or newline, and even then
malloc alignment padding would probably save the day. But it's
definitely a bug.
David Rowley
Diffstat (limited to 'src')
| -rw-r--r-- | src/bin/psql/command.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c index d8c477aab04..6504959e358 100644 --- a/src/bin/psql/command.c +++ b/src/bin/psql/command.c @@ -2603,7 +2603,7 @@ pset_bool_string(bool val) static char * pset_quoted_string(const char *str) { - char *ret = pg_malloc(strlen(str) * 2 + 2); + char *ret = pg_malloc(strlen(str) * 2 + 3); char *r = ret; *r++ = '\''; |