From 46c9f5d6f0bf680708fbd7c1972a31b58fab5f35 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Wed, 7 Mar 2012 23:46:41 +0200 Subject: [PATCH] psql: Fix invalid memory access Due to an apparent thinko, when printing a table in expanded mode (\x), space would be allocated for 1 slot plus 1 byte per line, instead of 1 slot per line plus 1 slot for the NULL terminator. When the line count is small, reading or writing the terminator would therefore access memory beyond what was allocated. --- src/bin/psql/print.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/bin/psql/print.c b/src/bin/psql/print.c index 28afcdda74..08a853add9 100644 --- a/src/bin/psql/print.c +++ b/src/bin/psql/print.c @@ -1177,8 +1177,8 @@ print_aligned_vertical(const printTableContent *cont, FILE *fout) * We now have all the information we need to setup the formatting * structures */ - dlineptr = pg_local_malloc((sizeof(*dlineptr) + 1) * dheight); - hlineptr = pg_local_malloc((sizeof(*hlineptr) + 1) * hheight); + dlineptr = pg_local_malloc((sizeof(*dlineptr)) * (dheight + 1)); + hlineptr = pg_local_malloc((sizeof(*hlineptr)) * (hheight + 1)); dlineptr->ptr = pg_local_malloc(dformatsize); hlineptr->ptr = pg_local_malloc(hformatsize); -- 2.40.0