NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit572fda2

committed

Modify wchar conversion routines to not fetch the next byte past the end

of a counted input string. Marinos Yannikos' recent crash report turnsout to be due to applying pg_ascii2wchar_with_len to a TEXT object thatis smack up against the end of memory. This is the second just-barely-reproducible bug report I have seen that traces to some bit of codefetching one more byte than it is allowed to. Let's be more carefulout there, boys and girls.While at it, I changed the code to not risk a similar crash when thereis a truncated multibyte character at the end of an input string. Theoutput in this case might not be the most reasonable output possible;if anyone wants to improve it further, step right up...

1 parentb109b03 commit572fda2Copy full SHA for 572fda2

File tree

2 files changed

+33

-35

lines changed

src/backend/utils/mb
- mbutils.c
- wchar.c

2 files changed

+33

-35

lines changed

`‎src/backend/utils/mb/mbutils.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`* client encoding and server internal encoding.`
`4`	`4`	`* (currently mule internal code (mic) is used)`
`5`	`5`	`* Tatsuo Ishii`
`6`		`- * $Id: mbutils.c,v 1.15 2001/02/10 02:31:27 tgl Exp $`
	`6`	`+ * $Id: mbutils.c,v 1.16 2001/03/08 00:24:34 tgl Exp $`
`7`	`7`	`*/`
`8`	`8`	`#include"postgres.h"`
`9`	`9`
`@@ -230,7 +230,7 @@ pg_mbstrlen_with_len(const unsigned char *mbstr, int limit)`
`230`	`230`	`intlen=0;`
`231`	`231`	`intl;`
`232`	`232`
`233`		`-while (*mbstr&&limit>0)`
	`233`	`+while (limit>0&&*mbstr)`
`234`	`234`	`{`
`235`	`235`	`l=pg_mblen(mbstr);`
`236`	`236`	`limit-=l;`
`@@ -252,7 +252,7 @@ pg_mbcliplen(const unsigned char *mbstr, int len, int limit)`
`252`	`252`	`intclen=0;`
`253`	`253`	`intl;`
`254`	`254`
`255`		`-while (*mbstr&&len>0)`
	`255`	`+while (len>0&&*mbstr)`
`256`	`256`	`{`
`257`	`257`	`l=pg_mblen(mbstr);`
`258`	`258`	`if ((clen+l)>limit)`
`@@ -267,7 +267,7 @@ pg_mbcliplen(const unsigned char *mbstr, int len, int limit)`
`267`	`267`	`}`
`268`	`268`
`269`	`269`	`/*`
`270`		`- *fuctions for utils/init`
	`270`	`+ *functions for utils/init`
`271`	`271`	`*/`
`272`	`272`	`staticintDatabaseEncoding=MULTIBYTE;`
`273`	`273`

`‎src/backend/utils/mb/wchar.c`

Lines changed: 29 additions & 31 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`/*`
`2`	`2`	`* conversion functions between pg_wchar and multi-byte streams.`
`3`	`3`	`* Tatsuo Ishii`
`4`		`- * $Id: wchar.c,v 1.15 2001/02/11 01:59:22 ishii Exp $`
	`4`	`+ * $Id: wchar.c,v 1.16 2001/03/08 00:24:34 tgl Exp $`
`5`	`5`	`*`
`6`	`6`	`* WIN1250 client encoding updated by Pavel Behal`
`7`	`7`	`*`
`@@ -27,7 +27,7 @@ static int pg_ascii2wchar_with_len`
`27`	`27`	`{`
`28`	`28`	`intcnt=0;`
`29`	`29`
`30`		`-while (*from&&len>0)`
	`30`	`+while (len>0&&*from)`
`31`	`31`	`{`
`32`	`32`	`to++=from++;`
`33`	`33`	`len--;`
`@@ -52,23 +52,22 @@ static int pg_euc2wchar_with_len`
`52`	`52`	`{`
`53`	`53`	`intcnt=0;`
`54`	`54`
`55`		`-while (*from&&len>0)`
	`55`	`+while (len>0&&*from)`
`56`	`56`	`{`
`57`		`-if (*from==SS2)`
	`57`	`+if (*from==SS2&&len >=2)`
`58`	`58`	`{`
`59`	`59`	`from++;`
`60`		`-len--;`
`61`	`60`	`to=0xff&from++;`
`62`		`-len--;`
	`61`	`+len-=2;`
`63`	`62`	`}`
`64`		`-elseif (*from==SS3)`
	`63`	`+elseif (*from==SS3&&len >=3)`
`65`	`64`	`{`
`66`	`65`	`from++;`
`67`	`66`	`to=from++ <<8;`
`68`	`67`	`to \|=0x3f&from++;`
`69`	`68`	`len-=3;`
`70`	`69`	`}`
`71`		`-elseif (*from&0x80)`
	`70`	`+elseif ((*from&0x80)&&len >=2)`
`72`	`71`	`{`
`73`	`72`	`to=from++ <<8;`
`74`	`73`	`to \|=from++;`
`@@ -140,24 +139,23 @@ static int pg_euccn2wchar_with_len`
`140`	`139`	`{`
`141`	`140`	`intcnt=0;`
`142`	`141`
`143`		`-while (*from&&len>0)`
	`142`	`+while (len>0&&*from)`
`144`	`143`	`{`
`145`		`-if (*from==SS2)`
	`144`	`+if (*from==SS2&&len >=3)`
`146`	`145`	`{`
`147`	`146`	`from++;`
`148`		`-len--;`
`149`	`147`	`to=0x3f00& (from++ <<8);`
`150`	`148`	`to=from++;`
`151`		`-len-=2;`
	`149`	`+len-=3;`
`152`	`150`	`}`
`153`		`-elseif (*from==SS3)`
	`151`	`+elseif (*from==SS3&&len >=3)`
`154`	`152`	`{`
`155`	`153`	`from++;`
`156`	`154`	`to=from++ <<8;`
`157`	`155`	`to \|=0x3f&from++;`
`158`	`156`	`len-=3;`
`159`	`157`	`}`
`160`		`-elseif (*from&0x80)`
	`158`	`+elseif ((*from&0x80)&&len >=2)`
`161`	`159`	`{`
`162`	`160`	`to=from++ <<8;`
`163`	`161`	`to \|=from++;`
`@@ -195,25 +193,24 @@ static int pg_euctw2wchar_with_len`
`195`	`193`	`{`
`196`	`194`	`intcnt=0;`
`197`	`195`
`198`		`-while (*from&&len>0)`
	`196`	`+while (len>0&&*from)`
`199`	`197`	`{`
`200`		`-if (*from==SS2)`
	`198`	`+if (*from==SS2&&len >=4)`
`201`	`199`	`{`
`202`	`200`	`from++;`
`203`		`-len--;`
`204`	`201`	`to=from++ <<16;`
`205`	`202`	`to \|=from++ <<8;`
`206`	`203`	`to \|=from++;`
`207`		`-len-=3;`
	`204`	`+len-=4;`
`208`	`205`	`}`
`209`		`-elseif (*from==SS3)`
	`206`	`+elseif (*from==SS3&&len >=3)`
`210`	`207`	`{`
`211`	`208`	`from++;`
`212`	`209`	`to=from++ <<8;`
`213`	`210`	`to \|=0x3f&from++;`
`214`	`211`	`len-=3;`
`215`	`212`	`}`
`216`		`-elseif (*from&0x80)`
	`213`	`+elseif ((*from&0x80)&&len >=2)`
`217`	`214`	`{`
`218`	`215`	`to=from++ <<8;`
`219`	`216`	`to \|=from++;`
`@@ -261,30 +258,30 @@ pg_utf2wchar_with_len(const unsigned char from, pg_wchar to, int len)`
`261`	`258`	`c3;`
`262`	`259`	`intcnt=0;`
`263`	`260`
`264`		`-while (*from&&len>0)`
	`261`	`+while (len>0&&*from)`
`265`	`262`	`{`
`266`	`263`	`if ((*from&0x80)==0)`
`267`	`264`	`{`
`268`	`265`	`to=from++;`
`269`	`266`	`len--;`
`270`	`267`	`}`
`271`		`-elseif ((*from&0xe0)==0xc0)`
	`268`	`+elseif ((*from&0xe0)==0xc0&&len >=2)`
`272`	`269`	`{`
`273`	`270`	`c1=*from++&0x1f;`
`274`	`271`	`c2=*from++&0x3f;`
`275`		`-len-=2;`
`276`	`272`	`*to=c1 <<6;`
`277`	`273`	`*to \|=c2;`
	`274`	`+len-=2;`
`278`	`275`	`}`
`279`		`-elseif ((*from&0xe0)==0xe0)`
	`276`	`+elseif ((*from&0xe0)==0xe0&&len >=3)`
`280`	`277`	`{`
`281`	`278`	`c1=*from++&0x0f;`
`282`	`279`	`c2=*from++&0x3f;`
`283`	`280`	`c3=*from++&0x3f;`
`284`		`-len-=3;`
`285`	`281`	`*to=c1 <<12;`
`286`	`282`	`*to \|=c2 <<6;`
`287`	`283`	`*to \|=c3;`
	`284`	`+len-=3;`
`288`	`285`	`}`
`289`	`286`	`else`
`290`	`287`	`{`
`@@ -326,29 +323,29 @@ pg_mule2wchar_with_len(const unsigned char from, pg_wchar to, int len)`
`326`	`323`	`{`
`327`	`324`	`intcnt=0;`
`328`	`325`
`329`		`-while (*from&&len>0)`
	`326`	`+while (len>0&&*from)`
`330`	`327`	`{`
`331`		`-if (IS_LC1(*from))`
	`328`	`+if (IS_LC1(*from)&&len >=2)`
`332`	`329`	`{`
`333`	`330`	`to=from++ <<16;`
`334`	`331`	`to \|=from++;`
`335`	`332`	`len-=2;`
`336`	`333`	`}`
`337`		`-elseif (IS_LCPRV1(*from))`
	`334`	`+elseif (IS_LCPRV1(*from)&&len >=3)`
`338`	`335`	`{`
`339`	`336`	`from++;`
`340`	`337`	`to=from++ <<16;`
`341`	`338`	`to \|=from++;`
`342`	`339`	`len-=3;`
`343`	`340`	`}`
`344`		`-elseif (IS_LC2(*from))`
	`341`	`+elseif (IS_LC2(*from)&&len >=3)`
`345`	`342`	`{`
`346`	`343`	`to=from++ <<16;`
`347`	`344`	`to \|=from++ <<8;`
`348`	`345`	`to \|=from++;`
`349`	`346`	`len-=3;`
`350`	`347`	`}`
`351`		`-elseif (IS_LCPRV2(*from))`
	`348`	`+elseif (IS_LCPRV2(*from)&&len >=4)`
`352`	`349`	`{`
`353`	`350`	`from++;`
`354`	`351`	`to=from++ <<16;`
`@@ -396,9 +393,10 @@ pg_latin12wchar_with_len(const unsigned char from, pg_wchar to, int len)`
`396`	`393`	`{`
`397`	`394`	`intcnt=0;`
`398`	`395`
`399`		`-while (*from&&len-->0)`
	`396`	`+while (len>0&&*from)`
`400`	`397`	`{`
`401`	`398`	`to++=from++;`
	`399`	`+len--;`
`402`	`400`	`cnt++;`
`403`	`401`	`}`
`404`	`402`	`*to=0;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit572fda2

File tree

2 files changed

2 files changed

`‎src/backend/utils/mb/mbutils.c`

`‎src/backend/utils/mb/wchar.c`

0 commit comments