Skip site navigation (1) Skip section navigation (2)

BUG #14468: One byte buffer overlow in quote_literal_cstr()

From: hlinnaka(at)iki(dot)fi
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #14468: One byte buffer overlow in quote_literal_cstr()
Date: 2016-12-16 10:50:01
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-bugs
The following bug has been logged on the website:

Bug reference:      14468
Logged by:          Heikki Linnakangas
Email address:      hlinnaka(at)iki(dot)fi
PostgreSQL version: 9.6.1
Operating system:   All

postgres=# select format('%L', E'\\');
WARNING:  detected write past chunk end in ExprContext 0x55c65ff98fa8
(1 row)

This was originally reported against Greenplum, at The code there isn't quite
the same, but it turned out to be a shared bug.

Looking at quote_literal_cstr(), it simply doesn't take into account the
space needed for the NULL terminator, when it allocates the buffer. The fix
is a straightforward + 1 to the allocation. I'll go and do that shortly, and


pgsql-bugs by date

Next:From: Alvaro HerreraDate: 2016-12-16 14:43:51
Subject: Re: BUG #14468: One byte buffer overlow in quote_literal_cstr()
Previous:From: Rahul KumarDate: 2016-12-16 09:53:48
Subject: Re: BUG #14467: Insertion Issue with Hibernate

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group