Fix off-by-one check that can lead to a memory overflow in ecpg.

author Michael Meskes <meskes@postgresql.org>

Thu, 11 Apr 2019 18:56:17 +0000 (20:56 +0200)

committer Michael Meskes <meskes@postgresql.org>

Thu, 11 Apr 2019 19:05:59 +0000 (21:05 +0200)
author Michael Meskes <meskes@postgresql.org>
Thu, 11 Apr 2019 18:56:17 +0000 (20:56 +0200)
committer Michael Meskes <meskes@postgresql.org>
Thu, 11 Apr 2019 19:05:59 +0000 (21:05 +0200)
diff --git a/src/interfaces/ecpg/preproc/pgc.l b/src/interfaces/ecpg/preproc/pgc.l

index cc1f0709b3fed124c5b4c5b20fa256a6d4c0e6e1..c2b8bf01b5e97aa517a3b6298e37324ca057a18b 100644 (file)
--- a/src/interfaces/ecpg/preproc/pgc.l
+++ b/src/interfaces/ecpg/preproc/pgc.l
@@ -1412,7 +1412,7 @@ parse_include(void)
  
                 for (ip = include_paths; yyin == NULL && ip != NULL; ip = ip->next)
                 {
-                       if (strlen(ip->path) + strlen(yytext) + 3 > MAXPGPATH)
+                       if (strlen(ip->path) + strlen(yytext) + 4 > MAXPGPATH)
                         {
                                 fprintf(stderr, _("Error: include path \"%s/%s\" is too long on line %d, skipping\n"), ip->path, yytext, yylineno);
                                 continue;
author	Michael Meskes <meskes@postgresql.org>
	Thu, 11 Apr 2019 18:56:17 +0000 (20:56 +0200)
committer	Michael Meskes <meskes@postgresql.org>
	Thu, 11 Apr 2019 19:05:59 +0000 (21:05 +0200)