Lists: | pgsql-hackers |
---|
From: | Xi Wang <xi(dot)wang(at)gmail(dot)com> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Cc: | Xi Wang <xi(dot)wang(at)gmail(dot)com> |
Subject: | [PATCH] Fix off-by-one in PQprintTuples() |
Date: | 2013-01-20 04:51:51 |
Message-ID: | 1358657511-32752-1-git-send-email-xi.wang@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
Don't write past the end of tborder; the size is width + 1.
---
src/interfaces/libpq/fe-print.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/interfaces/libpq/fe-print.c b/src/interfaces/libpq/fe-print.c
index 076e1cc..7ed489a 100644
--- a/src/interfaces/libpq/fe-print.c
+++ b/src/interfaces/libpq/fe-print.c
@@ -706,7 +706,7 @@ PQprintTuples(const PGresult *res,
fprintf(stderr, libpq_gettext("out of memory\n"));
abort();
}
- for (i = 0; i <= width; i++)
+ for (i = 0; i < width; i++)
tborder[i] = '-';
tborder[i] = '\0';
fprintf(fout, "%s\n", tborder);
--
1.7.10.4
From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Xi Wang <xi(dot)wang(at)gmail(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [PATCH] Fix off-by-one in PQprintTuples() |
Date: | 2013-01-20 15:48:30 |
Message-ID: | 20130120154829.GM16126@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
* Xi Wang (xi(dot)wang(at)gmail(dot)com) wrote:
> Don't write past the end of tborder; the size is width + 1.
This whole block of code is woefully without any comments. :(
Strictly speaking, it's this:
tborder[i] = '\0';
Which ends up writing past the end of the buffer (which is allocated as
'width + 1'). Perhaps we should also change that to be:
tborder[width] = '\0';
Thanks,
Stephen
From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Xi Wang <xi(dot)wang(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: [PATCH] Fix off-by-one in PQprintTuples() |
Date: | 2013-01-21 04:11:44 |
Message-ID: | 7796.1358741504@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> Strictly speaking, it's this:
> tborder[i] = '\0';
> Which ends up writing past the end of the buffer (which is allocated as
> 'width + 1'). Perhaps we should also change that to be:
> tborder[width] = '\0';
Yeah, I like that better too. Will commit.
regards, tom lane