diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2000-07-07 21:12:53 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2000-07-07 21:12:53 +0000 |
| commit | 65da0d66b4e89951078ebc43a5343780e4e700d6 (patch) | |
| tree | 8bc075c2b755432ac3c51516a0fdbc7dfd0e3c12 /src/backend/utils/adt/varchar.c | |
| parent | de85dd1d51ab7325984ef36302831ca21e3ae53e (diff) | |
Fix misuse of StrNCpy to copy and add null to non-null-terminated data.
Does not work since it fetches one byte beyond the source data, and when
the phase of the moon is wrong, the source data is smack up against the
end of backend memory and you get SIGSEGV. Don't laugh, this is a fix
for an actual user bug report.
Diffstat (limited to 'src/backend/utils/adt/varchar.c')
| -rw-r--r-- | src/backend/utils/adt/varchar.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/backend/utils/adt/varchar.c b/src/backend/utils/adt/varchar.c index 6f17cb589ae..58b24f339e1 100644 --- a/src/backend/utils/adt/varchar.c +++ b/src/backend/utils/adt/varchar.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/adt/varchar.c,v 1.67 2000/07/03 23:09:53 wieck Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/adt/varchar.c,v 1.68 2000/07/07 21:12:50 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -115,9 +115,11 @@ bpcharout(PG_FUNCTION_ARGS) char *result; int len; + /* copy and add null term */ len = VARSIZE(s) - VARHDRSZ; result = (char *) palloc(len + 1); - StrNCpy(result, VARDATA(s), len + 1); /* copy and add null term */ + memcpy(result, VARDATA(s), len); + result[len] = '\0'; #ifdef CYR_RECODE convertstr(result, len, 1); @@ -268,8 +270,8 @@ bpchar_name(char *s) return NULL; len = VARSIZE(s) - VARHDRSZ; - if (len > NAMEDATALEN) - len = NAMEDATALEN; + if (len >= NAMEDATALEN) + len = NAMEDATALEN-1; while (len > 0) { @@ -284,7 +286,7 @@ bpchar_name(char *s) #endif result = (NameData *) palloc(NAMEDATALEN); - StrNCpy(NameStr(*result), VARDATA(s), NAMEDATALEN); + memcpy(NameStr(*result), VARDATA(s), len); /* now null pad to full length... */ while (len < NAMEDATALEN) @@ -316,7 +318,7 @@ name_bpchar(NameData *s) #endif result = (char *) palloc(VARHDRSZ + len); - strncpy(VARDATA(result), NameStr(*s), len); + memcpy(VARDATA(result), NameStr(*s), len); VARATT_SIZEP(result) = len + VARHDRSZ; return result; @@ -365,9 +367,11 @@ varcharout(PG_FUNCTION_ARGS) char *result; int len; + /* copy and add null term */ len = VARSIZE(s) - VARHDRSZ; result = (char *) palloc(len + 1); - StrNCpy(result, VARDATA(s), len + 1); /* copy and add null term */ + memcpy(result, VARDATA(s), len); + result[len] = '\0'; #ifdef CYR_RECODE convertstr(result, len, 1); |