Fix undersized result buffer in pset_quoted_string().

tglsfdc · tglsfdc · commit 9711fa06081d · 2014-10-26T19:17:55.000-04:00
The malloc request was 1 byte too small for the worst-case output.
This seems relatively unlikely to cause any problems in practice,
as the worst case only occurs if the input string contains no
characters other than single-quote or newline, and even then
malloc alignment padding would probably save the day.  But it's
definitely a bug.

David Rowley
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
@@ -2711,7 +2711,7 @@ pset_bool_string(bool val)
 static char *
 pset_quoted_string(const char *str)
 {
-	char	   *ret = pg_malloc(strlen(str) * 2 + 2);
+	char	   *ret = pg_malloc(strlen(str) * 2 + 3);
 	char	   *r = ret;
 
 	*r++ = '\'';

Original file line number	Diff line number	Diff line change
`@@ -2711,7 +2711,7 @@ pset_bool_string(bool val)`
`2711`	`2711`	`static char *`
`2712`	`2712`	`pset_quoted_string(const char *str)`
`2713`	`2713`	`{`
`2714`		`- char ret = pg_malloc(strlen(str) 2 + 2);`
	`2714`	`+ char ret = pg_malloc(strlen(str) 2 + 3);`
`2715`	`2715`	`char *r = ret;`
`2716`	`2716`
`2717`	`2717`	`*r++ = '\'';`