Fix one-byte buffer overrun in PQprintTuples().
authorTom Lane <tgl@sss.pgh.pa.us>
Mon, 21 Jan 2013 04:44:11 +0000 (23:44 -0500)
committerTom Lane <tgl@sss.pgh.pa.us>
Mon, 21 Jan 2013 04:44:11 +0000 (23:44 -0500)
This bug goes back to the original Postgres95 sources.  Its significance
to modern PG versions is marginal, since we have not used PQprintTuples()
internally in a very long time, and it doesn't seem to have ever been
documented either.  Still, it *is* exposed to client apps, so somebody
out there might possibly be using it.

Xi Wang

src/interfaces/libpq/fe-print.c

index a2dbc345d727bfab809a17da6a19c97f05afadde..7ff4a20b7046463a6fedff0548e6e84a109c32c9 100644 (file)
@@ -686,7 +686,6 @@ PQprintTuples(const PGresult *res,
        int                     i,
                                j;
        char            formatString[80];
-
        char       *tborder = NULL;
 
        nFields = PQnfields(res);
@@ -705,15 +704,15 @@ PQprintTuples(const PGresult *res,
                        int                     width;
 
                        width = nFields * 14;
-                       tborder = malloc(width + 1);
+                       tborder = (char *) malloc(width + 1);
                        if (!tborder)
                        {
                                fprintf(stderr, libpq_gettext("out of memory\n"));
                                exit(1);
                        }
-                       for (i = 0; i <= width; i++)
+                       for (i = 0; i < width; i++)
                                tborder[i] = '-';
-                       tborder[i] = '\0';
+                       tborder[width] = '\0';
                        fprintf(fout, "%s\n", tborder);
                }
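Review bot: The out-of-memory branch kept as context in this hunk still calls `exit(1)`, so a failed allocation inside the client library terminates the whole application that called PQprintTuples(). Since the commit message notes the function is exposed to client apps, reporting the error and leaving the function (for example `return;` in place of `exit(1);`, provided nothing acquired earlier needs releasing and the return type allows it) would be the safer behaviour. The buffer size is also plain int arithmetic (`nFields * 14`, then `width + 1`) with no upper bound checked here, so it relies on the field count staying small; whether that is guaranteed is not visible in the hunk. A short comment above the malloc such as `/* width dashes plus the terminating NUL */` would document the invariant the loop fix restores. The function body starts and ends outside this hunk.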