*** src/backend/utils/adt/pg_lzcompress.c 2006/10/05 23:33:33 1.23 --- src/backend/utils/adt/pg_lzcompress.c 2008/03/08 01:09:36 1.31 *************** pglz_compress(const char *source, int32 *** 631,656 **** void pglz_decompress(const PGLZ_Header *source, char *dest) { ! const unsigned char *dp; ! const unsigned char *dend; ! unsigned char *bp; ! unsigned char ctrl; ! int32 ctrlc; ! int32 len; ! int32 off; ! int32 destsize; ! ! dp = ((const unsigned char *) source) + sizeof(PGLZ_Header); ! dend = ((const unsigned char *) source) + VARATT_SIZE(source); ! bp = (unsigned char *) dest; ! while (dp < dend) { /* ! * Read one control byte and process the next 8 items. */ ! ctrl = *dp++; ! for (ctrlc = 0; ctrlc < 8 && dp < dend; ctrlc++) { if (ctrl & 1) { --- 641,666 ---- void pglz_decompress(const PGLZ_Header *source, char *dest) { ! const unsigned char *sp; ! const unsigned char *srcend; ! unsigned char *dp; ! unsigned char *destend; ! ! sp = ((const unsigned char *) source) + sizeof(PGLZ_Header); ! srcend = ((const unsigned char *) source) + VARATT_SIZE(source); ! dp = (unsigned char *) dest; ! destend = dp + source->rawsize; ! while (sp < srcend && dp < destend) { /* ! * Read one control byte and process the next 8 items (or as many ! * as remain in the compressed input). */ ! unsigned char ctrl = *sp++; ! int ctrlc; ! ! for (ctrlc = 0; ctrlc < 8 && sp < srcend; ctrlc++) { if (ctrl & 1) { *************** pglz_decompress(const PGLZ_Header *sourc *** 661,671 **** * coded as 18, another extension tag byte tells how much * longer the match really was (0-255). */ ! len = (dp[0] & 0x0f) + 3; ! off = ((dp[0] & 0xf0) << 4) | dp[1]; ! dp += 2; if (len == 18) ! len += *dp++; /* * Now we copy the bytes specified by the tag from OUTPUT to --- 671,697 ---- * coded as 18, another extension tag byte tells how much * longer the match really was (0-255). */ ! int32 len; ! int32 off; ! ! len = (sp[0] & 0x0f) + 3; ! off = ((sp[0] & 0xf0) << 4) | sp[1]; ! sp += 2; if (len == 18) ! len += *sp++; ! ! /* ! * Check for output buffer overrun, to ensure we don't ! * clobber memory in case of corrupt input. Note: we must ! * advance dp here to ensure the error is detected below ! * the loop. We don't simply put the elog inside the loop ! * since that will probably interfere with optimization. ! */ ! if (dp + len > destend) ! { ! dp += len; ! break; ! } /* * Now we copy the bytes specified by the tag from OUTPUT to *************** pglz_decompress(const PGLZ_Header *sourc *** 675,682 **** */ while (len--) { ! *bp = bp[-off]; ! bp++; } } else --- 701,708 ---- */ while (len--) { ! *dp = dp[-off]; ! dp++; } } else *************** pglz_decompress(const PGLZ_Header *sourc *** 685,691 **** * An unset control bit means LITERAL BYTE. So we just copy * one from INPUT to OUTPUT. */ ! *bp++ = *dp++; } /* --- 711,720 ---- * An unset control bit means LITERAL BYTE. So we just copy * one from INPUT to OUTPUT. */ ! if (dp >= destend) /* check for buffer overrun */ ! break; /* do not clobber memory */ ! ! *dp++ = *sp++; } /* *************** pglz_decompress(const PGLZ_Header *sourc *** 696,709 **** } /* ! * Check we decompressed the right amount, else die. This is a FATAL ! * condition if we tromped on more memory than expected (we assume we ! * have not tromped on shared memory, though, so need not PANIC). ! */ ! destsize = (char *) bp - dest; ! if (destsize != source->rawsize) ! elog(destsize > source->rawsize ? FATAL : ERROR, ! "compressed data is corrupt"); /* * That's it. --- 725,734 ---- } /* ! * Check we decompressed the right amount. ! */ ! if (dp != destend || sp != srcend) ! elog(ERROR, "compressed data is corrupt"); /* * That's it.