From 4f5182e18d3ec7b84c24ceba2c436ea890c95e25 Mon Sep 17 00:00:00 2001
From: Heikki Linnakangas
Date: Fri, 16 Dec 2016 12:50:20 +0200
Subject: [PATCH] Fix off-by-one in memory allocation for quote_literal_cstr().

The calculation didn't take into account the NULL terminator. That lead to overwriting the palloc'd buffer by one byte, if the input consists entirely of backslashes. For example "format('%L', E'\\')". Fixes bug #14468. Backpatch to all supported versions. Report: https://www.postgresql.org/message-id/20161216105001.13334.42819%40wrigleys.postgresql.org
---
 src/backend/utils/adt/quote.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/utils/adt/quote.c b/src/backend/utils/adt/quote.c
index 9bdde8bf81..a53afc1342 100644
--- a/src/backend/utils/adt/quote.c
+++ b/src/backend/utils/adt/quote.c
@@ -107,7 +107,7 @@ quote_literal_cstr(const char *rawstr)
 len = strlen(rawstr);
 /* We make a worst-case result area; wasting a little space is OK */
- result = palloc(len * 2 + 3);
+ result = palloc(len * 2 + 3 + 1);
 newlen = quote_literal_internal(result, rawstr, len);
 result[newlen] = '\0';
-- 
2.40.0
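Review bot: The `+ 1` on the new palloc line is a bare constant; nothing at the call site records that the `len * 2 + 3` worst case (the all-backslash input from the commit message, where quote_literal_internal presumably doubles every byte plus the quoting overhead) excludes the terminator that `result[newlen] = '\0'` writes two lines later, so a later tidy-up of the arithmetic could fold it away and reintroduce the one-byte heap overwrite. I would extend the existing comment to `/* Worst-case result area: quoting overhead plus every byte doubled, plus one for the NUL written below; wasting a little space is OK */` so the size formula is self-documenting. The reproducer from the commit message, `format('%L', E'\\')`, is a cheap regression test for exactly this boundary and would be worth adding to the regression suite alongside the fix. quote_literal_cstr's declarations and its return statement lie outside the hunk.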