Fix undersized result buffer in pset_quoted_string().

tglsfdc · tglsfdc · commit c53a82b99d98 · 2014-10-26T19:17:57.000-04:00
The malloc request was 1 byte too small for the worst-case output.
This seems relatively unlikely to cause any problems in practice,
as the worst case only occurs if the input string contains no
characters other than single-quote or newline, and even then
malloc alignment padding would probably save the day.  But it's
definitely a bug.

David Rowley
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
@@ -2603,7 +2603,7 @@ pset_bool_string(bool val)
 static char *
 pset_quoted_string(const char *str)
 {
-	char	   *ret = pg_malloc(strlen(str) * 2 + 2);
+	char	   *ret = pg_malloc(strlen(str) * 2 + 3);
 	char	   *r = ret;
 
 	*r++ = '\'';

Original file line number	Diff line number	Diff line change
`@@ -2603,7 +2603,7 @@ pset_bool_string(bool val)`
`2603`	`2603`	`static char *`
`2604`	`2604`	`pset_quoted_string(const char *str)`
`2605`	`2605`	`{`
`2606`		`- char ret = pg_malloc(strlen(str) 2 + 2);`
	`2606`	`+ char ret = pg_malloc(strlen(str) 2 + 3);`
`2607`	`2607`	`char *r = ret;`
`2608`	`2608`
`2609`	`2609`	`*r++ = '\'';`