NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit24ea53d

committed

Avoid overflow in fe_utils' printTable()

The original code would miscalculate the total number of cells when thetable to print has more than ~4 billion cells, leading to an unnecessaryerror. Repair by changing some computations to be 64-bits wide. Addsome necessary overflow checks.Author: Hongxu Ma <interma@outlook.com>Discussion:https://postgr.es/m/TYBP286MB0351B057B101C90D7C1239E6B4E2A@TYBP286MB0351.JPNP286.PROD.OUTLOOK.COM

1 parente83aa9f commit24ea53dCopy full SHA for 24ea53d

File tree

2 files changed

+23

-9

lines changed

src
- fe_utils
  - print.c
- include/fe_utils
  - print.h

2 files changed

+23

-9

lines changed

`‎src/fe_utils/print.c`

Lines changed: 22 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -3172,14 +3172,25 @@ void`
`3172`	`3172`	`printTableInit(printTableContentconstcontent,constprintTableOptopt,`
`3173`	`3173`	`constchar*title,constintncolumns,constintnrows)`
`3174`	`3174`	`{`
	`3175`	`+uint64total_cells;`
	`3176`	`+`
`3175`	`3177`	`content->opt=opt;`
`3176`	`3178`	`content->title=title;`
`3177`	`3179`	`content->ncolumns=ncolumns;`
`3178`	`3180`	`content->nrows=nrows;`
`3179`	`3181`
`3180`	`3182`	`content->headers=pg_malloc0((ncolumns+1)sizeof(content->headers));`
`3181`	`3183`
`3182`		`-content->cells=pg_malloc0((ncolumnsnrows+1)sizeof(*content->cells));`
	`3184`	`+total_cells= (uint64)ncolumns*nrows;`
	`3185`	`+/* Catch possible overflow. Using >= here allows adding 1 below */`
	`3186`	`+if (total_cells >=SIZE_MAX /sizeof(*content->cells))`
	`3187`	`+{`
	`3188`	`+fprintf(stderr,_("Cannot print table contents: number of cells %lld is equal to or exceeds maximum %lld.\n"),`
	`3189`	`+(long longint)total_cells,`
	`3190`	`+(long longint) (SIZE_MAX /sizeof(*content->cells)));`
	`3191`	`+exit(EXIT_FAILURE);`
	`3192`	`+}`
	`3193`	`+content->cells=pg_malloc0((total_cells+1)sizeof(content->cells));`
`3183`	`3194`
`3184`	`3195`	`content->cellmustfree=NULL;`
`3185`	`3196`	`content->footers=NULL;`
`@@ -3249,15 +3260,17 @@ void`
`3249`	`3260`	`printTableAddCell(printTableContentconstcontent,charcell,`
`3250`	`3261`	`constbooltranslate,constboolmustfree)`
`3251`	`3262`	`{`
	`3263`	`+uint64total_cells;`
	`3264`	`+`
`3252`	`3265`	`#ifndefENABLE_NLS`
`3253`	`3266`	`(void)translate;/* unused parameter */`
`3254`	`3267`	`#endif`
`3255`	`3268`
`3256`		`-if (content->cellsadded >=content->ncolumns*content->nrows)`
	`3269`	`+total_cells= (uint64)content->ncolumns*content->nrows;`
	`3270`	`+if (content->cellsadded >=total_cells)`
`3257`	`3271`	`{`
`3258`		`-fprintf(stderr,_("Cannot add cell to table content: "`
`3259`		`-"total cell count of %d exceeded.\n"),`
`3260`		`-content->ncolumns*content->nrows);`
	`3272`	`+fprintf(stderr,_("Cannot add cell to table content: total cell count of %lld exceeded.\n"),`
	`3273`	`+(long longint)total_cells);`
`3261`	`3274`	`exit(EXIT_FAILURE);`
`3262`	`3275`	`}`
`3263`	`3276`
`@@ -3273,7 +3286,7 @@ printTableAddCell(printTableContent const content, char cell,`
`3273`	`3286`	`{`
`3274`	`3287`	`if (content->cellmustfree==NULL)`
`3275`	`3288`	`content->cellmustfree=`
`3276`		`-pg_malloc0((content->ncolumnscontent->nrows+1)sizeof(bool));`
	`3289`	`+pg_malloc0((total_cells+1)*sizeof(bool));`
`3277`	`3290`
`3278`	`3291`	`content->cellmustfree[content->cellsadded]= true;`
`3279`	`3292`	`}`
`@@ -3341,9 +3354,10 @@ printTableCleanup(printTableContent *const content)`
`3341`	`3354`	`{`
`3342`	`3355`	`if (content->cellmustfree)`
`3343`	`3356`	`{`
`3344`		`-inti;`
	`3357`	`+uint64total_cells;`
`3345`	`3358`
`3346`		`-for (i=0;i<content->nrows*content->ncolumns;i++)`
	`3359`	`+total_cells= (uint64)content->ncolumns*content->nrows;`
	`3360`	`+for (uint64i=0;i<total_cells;i++)`
`3347`	`3361`	`{`
`3348`	`3362`	`if (content->cellmustfree[i])`
`3349`	`3363`	`free(unconstify(char*,content->cells[i]));`

`‎src/include/fe_utils/print.h`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -171,7 +171,7 @@ typedef struct printTableContent`
`171`	`171`	`constchar*cells;/ NULL-terminated array of cell content`
`172`	`172`	`* strings */`
`173`	`173`	`constchar*cell;/ Pointer to the last added cell */`
`174`		`-longcellsadded;/* Number of cells added this far */`
	`174`	`+uint64cellsadded;/* Number of cells added this far */`
`175`	`175`	`boolcellmustfree;/ true for cells that need to be free()d */`
`176`	`176`	`printTableFooterfooters;/ Pointer to the first footer */`
`177`	`177`	`printTableFooterfooter;/ Pointer to the last added footer */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit24ea53d

File tree

2 files changed

2 files changed

`‎src/fe_utils/print.c`

`‎src/include/fe_utils/print.h`

0 commit comments