From: Tom Lane Date: Sun, 26 Oct 2014 23:17:57 +0000 (-0400) Subject: Fix undersized result buffer in pset_quoted_string(). X-Git-Tag: REL9_4_RC1~57 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c53a82b99d98df393d7ba308bf1586b2201d0d65;p=thirdparty%2Fpostgresql.git Fix undersized result buffer in pset_quoted_string(). The malloc request was 1 byte too small for the worst-case output. This seems relatively unlikely to cause any problems in practice, as the worst case only occurs if the input string contains no characters other than single-quote or newline, and even then malloc alignment padding would probably save the day. But it's definitely a bug. David Rowley --- diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c index d8c477aab04..6504959e358 100644 --- a/src/bin/psql/command.c +++ b/src/bin/psql/command.c @@ -2603,7 +2603,7 @@ pset_bool_string(bool val) static char * pset_quoted_string(const char *str) { - char *ret = pg_malloc(strlen(str) * 2 + 2); + char *ret = pg_malloc(strlen(str) * 2 + 3); char *r = ret; *r++ = '\'';
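Review bot: the corrected size expression in pset_quoted_string(), `pg_malloc(strlen(str) * 2 + 3)`, still has no comment explaining where the constants come from, and that is how the off-by-one got in originally. Going by the commit message, each input byte can expand to two output bytes when it is a single-quote or newline, and the 3 presumably covers the opening quote written by `*r++ = '\'';`, the matching closing quote, and the terminating NUL. Suggest a one-line comment above the allocation stating that accounting, for example `/* worst case: every char doubled, plus two quotes and NUL */`. Since the message notes that malloc alignment padding would normally mask the overrun, it would also help to exercise this function with an input made up only of single-quotes or newlines under a memory checker, so that a future regression of the size is caught rather than silently absorbed.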