From 5c784d96ae445f0d46bd3abde10bb02b186f42e9 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 16 Dec 2014 15:35:46 -0500 Subject: Fix off-by-one loop count in MapArrayTypeName, and get rid of static array. MapArrayTypeName would copy up to NAMEDATALEN-1 bytes of the base type name, which of course is wrong: after prepending '_' there is only room for NAMEDATALEN-2 bytes. Aside from being the wrong result, this case would lead to overrunning the statically allocated work buffer. This would be a security bug if the function were ever used outside bootstrap mode, but it isn't, at least not in any currently supported branches. Aside from fixing the off-by-one loop logic, this patch gets rid of the static work buffer by having MapArrayTypeName pstrdup its result; the sole caller was already doing that, so this just requires moving the pstrdup call. This saves a few bytes but mainly it makes the API a lot cleaner. Back-patch on the off chance that there is some third-party code using MapArrayTypeName with less-secure input. Pushing pstrdup into the function should not cause any serious problems for such hypothetical code; at worst there might be a short term memory leak. Per Coverity scanning. --- src/include/bootstrap/bootstrap.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/include/bootstrap/bootstrap.h') diff --git a/src/include/bootstrap/bootstrap.h b/src/include/bootstrap/bootstrap.h index cee9bd1fa47..0bcb54b27c4 100644 --- a/src/include/bootstrap/bootstrap.h +++ b/src/include/bootstrap/bootstrap.h @@ -51,7 +51,7 @@ extern void InsertOneTuple(Oid objectid); extern void InsertOneValue(char *value, int i); extern void InsertOneNull(int i); -extern char *MapArrayTypeName(char *s); +extern char *MapArrayTypeName(const char *s); extern void index_register(Oid heap, Oid ind, IndexInfo *indexInfo); extern void build_indices(void); -- cgit v1.2.3