NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit3c18d90

committed

Null-terminate the output buffer of LZ4Stream_gets

LZ4Stream_gets did not null-terminate its output buffer. The callers expectedthe buffer to be null-terminated and passed it around to functions such assscanf with unintended consequences.Author: Georgios Kokolatos <gkokolatos@pm.me>Reported-by: Alexander Lakhin <exclusion@gmail.com>Discussion:https://postgr.es/m/94ae9bca-5ebb-1e68-bb7b-4f32e89fefbe@gmail.com

1 parentd8c3106 commit3c18d90Copy full SHA for 3c18d90

File tree

1 file changed

+11

-1

lines changed

src/bin/pg_dump
- compress_lz4.c

1 file changed

+11

-1

lines changed

`‎src/bin/pg_dump/compress_lz4.c`

Lines changed: 11 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -459,6 +459,10 @@ LZ4Stream_read_internal(LZ4State state, void ptr, int ptrsize, bool eol_flag)`
`459`	`459`	`if (!LZ4Stream_init(state,size, false/* decompressing */ ))`
`460`	`460`	`return-1;`
`461`	`461`
	`462`	`+/* No work needs to be done for a zero-sized output buffer */`
	`463`	`+if (size <=0)`
	`464`	`+return0;`
	`465`	`+`
`462`	`466`	`/* Verify that there is enough space in the outbuf */`
`463`	`467`	`if (size>state->buflen)`
`464`	`468`	`{`
`@@ -636,14 +640,20 @@ LZ4Stream_gets(char ptr, int size, CompressFileHandle CFH)`
`636`	`640`	`LZ4Statestate= (LZ4State)CFH->private_data;`
`637`	`641`	`intret;`
`638`	`642`
`639`		`-ret=LZ4Stream_read_internal(state,ptr,size, true);`
	`643`	`+ret=LZ4Stream_read_internal(state,ptr,size-1, true);`
`640`	`644`	`if (ret<0\|\| (ret==0&& !LZ4Stream_eof(CFH)))`
`641`	`645`	`pg_fatal("could not read from input file: %s",LZ4Stream_get_error(CFH));`
`642`	`646`
`643`	`647`	`/* Done reading */`
`644`	`648`	`if (ret==0)`
`645`	`649`	`returnNULL;`
`646`	`650`
	`651`	`+/*`
	`652`	`+ * Our caller expects the return string to be NULL terminated`
	`653`	`+ * and we know that ret is greater than zero.`
	`654`	`+ */`
	`655`	`+ptr[ret-1]='\0';`
	`656`	`+`
`647`	`657`	`returnptr;`
`648`	`658`	`}`
`649`	`659`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit3c18d90

File tree

1 file changed

1 file changed

`‎src/bin/pg_dump/compress_lz4.c`

0 commit comments