Fix theoretical memory leaks in pg_locale_libc.c.

The leaks were hard to reach in practice and the impact was low.

The callers provide a buffer the same number of bytes as the source
string (plus one for NUL terminator) as a starting size, and libc
never increases the number of characters. But, if the byte length of
one of the converted characters is larger, then it might need a larger
destination buffer. Previously, in that case, the working buffers
would be leaked.

Even in that case, the call typically happens within a context that
will soon be reset. Regardless, it's worth fixing to avoid such
assumptions, and the fix is simple so it's worth backporting.

Discussion: https://postgr.es/m/e2b7a0a88aaadded7e2d19f42d5ab03c9e182ad8.camel@j-davis.com
Backpatch-through: 18

diff --git a/src/backend/utils/adt/pg_locale_libc.c b/src/backend/utils/adt/pg_locale_libc.c
index 199857e22dbecc145e4a226c01478870190a7833..c68fec2e5852eb1725c33ef3762fd15ee46b9561 100644 (file)
--- a/src/backend/utils/adt/pg_locale_libc.c
+++ b/src/backend/utils/adt/pg_locale_libc.c
@@ -222,11 +222,11 @@ strlower_libc_mb(char *dest, size_t destsize, const char *src, ssize_t srclen,
 
        result_size = wchar2char(result, workspace, max_size + 1, locale);
 
-       if (result_size + 1 > destsize)
-               return result_size;
-
-       memcpy(dest, result, result_size);
-       dest[result_size] = '\0';
+       if (destsize >= result_size + 1)
+       {
+               memcpy(dest, result, result_size);
+               dest[result_size] = '\0';
+       }
 
        pfree(workspace);
        pfree(result);
@@ -323,11 +323,11 @@ strtitle_libc_mb(char *dest, size_t destsize, const char *src, ssize_t srclen,
 
        result_size = wchar2char(result, workspace, max_size + 1, locale);
 
-       if (result_size + 1 > destsize)
-               return result_size;
-
-       memcpy(dest, result, result_size);
-       dest[result_size] = '\0';
+       if (destsize >= result_size + 1)
+       {
+               memcpy(dest, result, result_size);
+               dest[result_size] = '\0';
+       }
 
        pfree(workspace);
        pfree(result);
@@ -405,11 +405,11 @@ strupper_libc_mb(char *dest, size_t destsize, const char *src, ssize_t srclen,
 
        result_size = wchar2char(result, workspace, max_size + 1, locale);
 
-       if (result_size + 1 > destsize)
-               return result_size;
-
-       memcpy(dest, result, result_size);
-       dest[result_size] = '\0';
+       if (destsize >= result_size + 1)
+       {
+               memcpy(dest, result, result_size);
+               dest[result_size] = '\0';
+       }
 
        pfree(workspace);
        pfree(result);