Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitffaaaf9

Browse files
committed
Fix potential access-off-the-end-of-memory in varbit_out(): it fetched the
byte after the last full byte of the bit array, regardless of whether thatbyte was part of the valid data or not. Found by buildfarm testing.Thanks to Stefan Kaltenbrunner for nailing down the cause.
1 parent99fa5f4 commitffaaaf9

File tree

1 file changed

+11
-6
lines changed

1 file changed

+11
-6
lines changed

‎src/backend/utils/adt/varbit.c

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
* Portions Copyright (c) 1994, Regents of the University of California
1010
*
1111
* IDENTIFICATION
12-
* $Header: /cvsroot/pgsql/src/backend/utils/adt/varbit.c,v 1.26 2002/09/18 21:35:23 tgl Exp $
12+
* $Header: /cvsroot/pgsql/src/backend/utils/adt/varbit.c,v 1.26.2.1 2007/08/21 02:40:40 tgl Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -390,20 +390,25 @@ varbit_out(PG_FUNCTION_ARGS)
390390
result= (char*)palloc(len+1);
391391
sp=VARBITS(s);
392392
r=result;
393-
for (i=0;i<len-BITS_PER_BYTE;i+=BITS_PER_BYTE,sp++)
393+
for (i=0;i <=len-BITS_PER_BYTE;i+=BITS_PER_BYTE,sp++)
394394
{
395+
/* print full bytes */
395396
x=*sp;
396397
for (k=0;k<BITS_PER_BYTE;k++)
397398
{
398399
*r++= (x&BITHIGH) ?'1' :'0';
399400
x <<=1;
400401
}
401402
}
402-
x=*sp;
403-
for (k=i;k<len;k++)
403+
if (i<len)
404404
{
405-
*r++= (x&BITHIGH) ?'1' :'0';
406-
x <<=1;
405+
/* print the last partial byte */
406+
x=*sp;
407+
for (k=i;k<len;k++)
408+
{
409+
*r++= (x&BITHIGH) ?'1' :'0';
410+
x <<=1;
411+
}
407412
}
408413
*r='\0';
409414

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp