From: Tom Lane
Date: Mon, 21 Jan 2013 04:44:11 +0000 (-0500)
Subject: Fix one-byte buffer overrun in PQprintTuples().
X-Git-Tag: REL8_3_23~8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=59d70a5e9c9a2dedac5c237cb005d9f32485cbff;p=postgresql

Fix one-byte buffer overrun in PQprintTuples().

This bug goes back to the original Postgres95 sources. Its significance to modern PG versions is marginal, since we have not used PQprintTuples() internally in a very long time, and it doesn't seem to have ever been documented either. Still, it *is* exposed to client apps, so somebody out there might possibly be using it.

Xi Wang
---
diff --git a/src/interfaces/libpq/fe-print.c b/src/interfaces/libpq/fe-print.c index a2dbc345d7..7ff4a20b70 100644 --- a/src/interfaces/libpq/fe-print.c +++ b/src/interfaces/libpq/fe-print.c @@ -686,7 +686,6 @@ PQprintTuples(const PGresult *res, int i, j; char formatString[80]; - char *tborder = NULL; nFields = PQnfields(res); @@ -705,15 +704,15 @@ PQprintTuples(const PGresult *res, int width; width = nFields * 14; - tborder = malloc(width + 1); + tborder = (char *) malloc(width + 1); if (!tborder) { fprintf(stderr, libpq_gettext("out of memory\n")); exit(1); } - for (i = 0; i <= width; i++) + for (i = 0; i < width; i++) tborder[i] = '-'; - tborder[i] = '\0'; + tborder[width] = '\0'; fprintf(fout, "%s\n", tborder); }
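
Review bot: in the second hunk (@@ -705,15 +704,15 @@), the `if (!tborder)` branch still calls `exit(1)` from inside a libpq function, so an allocation failure terminates the whole client process. Since the commit message notes that PQprintTuples() is exposed to client apps, consider printing the message and returning to the caller instead. The bound fix itself matches the allocation: `malloc(width + 1)` gives valid indexes 0 through width, the old `i <= width` loop left i at width + 1 before `tborder[i] = '\0'` ran, and the new code fills indexes 0 through width - 1 and terminates at `tborder[width]`. A one-line comment saying the `+ 1` in the malloc size is for the terminator would help keep the allocation and the loop bound in step if either is edited later.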