Fix undersized result buffer in pset_quoted_string().

The malloc request was 1 byte too small for the worst-case output.
This seems relatively unlikely to cause any problems in practice,
as the worst case only occurs if the input string contains no
characters other than single-quote or newline, and even then
malloc alignment padding would probably save the day.  But it's
definitely a bug.

David Rowley

diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
index d8c477aab046516e0e4274df9e4e95afbe5aaf00..6504959e3581a03a7082694dd35eb3bcaefa81c3 100644 (file)
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -2603,7 +2603,7 @@ pset_bool_string(bool val)
 static char *
 pset_quoted_string(const char *str)
 {
-       char       *ret = pg_malloc(strlen(str) * 2 + 2);
+       char       *ret = pg_malloc(strlen(str) * 2 + 3);
        char       *r = ret;
 
        *r++ = '\'';