99
1010#include "catalog/pg_type.h"
1111#include "tsearch/ts_locale.h"
12+ #include "utils/memutils.h"
1213
1314
1415PG_MODULE_MAGIC ;
@@ -191,6 +192,18 @@ generate_trgm(char *str, int slen)
191192char * bword ,
192193* eword ;
193194
195+ /*
196+ * Guard against possible overflow in the palloc requests below. (We
197+ * don't worry about the additive constants, since palloc can detect
198+ * requests that are a little above MaxAllocSize --- we just need to
199+ * prevent integer overflow in the multiplications.)
200+ */
201+ if ((Size ) (slen /2 ) >= (MaxAllocSize / (sizeof (trgm )* 3 ))||
202+ (Size )slen >= (MaxAllocSize /pg_database_encoding_max_length ()))
203+ ereport (ERROR ,
204+ (errcode (ERRCODE_PROGRAM_LIMIT_EXCEEDED ),
205+ errmsg ("out of memory" )));
206+
194207trg = (TRGM * )palloc (TRGMHDRSIZE + sizeof (trgm )* (slen /2 + 1 )* 3 );
195208trg -> flag = ARRKEY ;
196209SET_VARSIZE (trg ,TRGMHDRSIZE );
@@ -200,7 +213,8 @@ generate_trgm(char *str, int slen)
200213
201214tptr = GETARR (trg );
202215
203- buf = palloc (sizeof (char )* (slen + 4 ));
216+ /* Allocate a buffer for case-folded, blank-padded words */
217+ buf = (char * )palloc (slen * pg_database_encoding_max_length ()+ 4 );
204218
205219if (LPADDING > 0 )
206220{
@@ -224,6 +238,7 @@ generate_trgm(char *str, int slen)
224238#ifdef IGNORECASE
225239pfree (bword );
226240#endif
241+
227242buf [LPADDING + bytelen ]= ' ' ;
228243buf [LPADDING + bytelen + 1 ]= ' ' ;
229244
@@ -239,7 +254,10 @@ generate_trgm(char *str, int slen)
239254if ((len = tptr - GETARR (trg ))== 0 )
240255return trg ;
241256
242- if (len > 0 )
257+ /*
258+ * Make trigrams unique.
259+ */
260+ if (len > 1 )
243261{
244262qsort ((void * )GETARR (trg ),len ,sizeof (trgm ),comp_trgm );
245263len = unique_array (GETARR (trg ),len );
@@ -422,6 +440,18 @@ generate_wildcard_trgm(const char *str, int slen)
422440bytelen ;
423441const char * eword ;
424442
443+ /*
444+ * Guard against possible overflow in the palloc requests below. (We
445+ * don't worry about the additive constants, since palloc can detect
446+ * requests that are a little above MaxAllocSize --- we just need to
447+ * prevent integer overflow in the multiplications.)
448+ */
449+ if ((Size ) (slen /2 ) >= (MaxAllocSize / (sizeof (trgm )* 3 ))||
450+ (Size )slen >= (MaxAllocSize /pg_database_encoding_max_length ()))
451+ ereport (ERROR ,
452+ (errcode (ERRCODE_PROGRAM_LIMIT_EXCEEDED ),
453+ errmsg ("out of memory" )));
454+
425455trg = (TRGM * )palloc (TRGMHDRSIZE + sizeof (trgm )* (slen /2 + 1 )* 3 );
426456trg -> flag = ARRKEY ;
427457SET_VARSIZE (trg ,TRGMHDRSIZE );
@@ -431,6 +461,7 @@ generate_wildcard_trgm(const char *str, int slen)
431461
432462tptr = GETARR (trg );
433463
464+ /* Allocate a buffer for blank-padded, but not yet case-folded, words */
434465buf = palloc (sizeof (char )* (slen + 4 ));
435466
436467/*
@@ -451,6 +482,7 @@ generate_wildcard_trgm(const char *str, int slen)
451482 * count trigrams
452483 */
453484tptr = make_trigrams (tptr ,buf2 ,bytelen ,charlen );
485+
454486#ifdef IGNORECASE
455487pfree (buf2 );
456488#endif
@@ -464,7 +496,7 @@ generate_wildcard_trgm(const char *str, int slen)
464496/*
465497 * Make trigrams unique.
466498 */
467- if (len > 0 )
499+ if (len > 1 )
468500{
469501qsort ((void * )GETARR (trg ),len ,sizeof (trgm ),comp_trgm );
470502len = unique_array (GETARR (trg ),len );