NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit5840b89

committed

Repair problems with to_char() overrunning its input string.

From Karel Zak.

1 parent5ac2d7c commit5840b89Copy full SHA for 5840b89

File tree

1 file changed

+68

-57

lines changed

src/backend/utils/adt
- formatting.c

1 file changed

+68

-57

lines changed

`‎src/backend/utils/adt/formatting.c`

Lines changed: 68 additions & 57 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`/* -----------------------------------------------------------------------`
`2`	`2`	`* formatting.c`
`3`	`3`	`*`
`4`		`- * $Header: /cvsroot/pgsql/src/backend/utils/adt/formatting.c,v 1.67 2003/08/25 16:13:27 tgl Exp $`
	`4`	`+ * $Header: /cvsroot/pgsql/src/backend/utils/adt/formatting.c,v 1.68 2003/09/03 14:59:41 tgl Exp $`
`5`	`5`	`*`
`6`	`6`	`*`
`7`	`7`	`* Portions Copyright (c) 1999-2003, PostgreSQL Global Development Group`
`@@ -1294,6 +1294,16 @@ DCH_processor(FormatNode node, char inout, int flag, void *data)`
`1294`	`1294`
`1295`	`1295`	`for (n=node,s=inout;n->type!=NODE_TYPE_END;n++)`
`1296`	`1296`	`{`
	`1297`	`+if (flag==FROM_CHAR&&*s=='\0')`
	`1298`	`+/*`
	`1299`	`+ * The input string is shorter than format picture,`
	`1300`	`+ * so it's good time to break this loop...`
	`1301`	`+ *`
	`1302`	`+ * Note: this isn't relevant for TO_CHAR mode, beacuse`
	`1303`	`+ * it use 'inout' allocated by format picture length.`
	`1304`	`+ */`
	`1305`	`+break;`
	`1306`	`+`
`1297`	`1307`	`if (n->type==NODE_TYPE_ACTION)`
`1298`	`1308`	`{`
`1299`	`1309`	`intlen;`
`@@ -1328,9 +1338,8 @@ DCH_processor(FormatNode node, char inout, int flag, void *data)`
`1328`	`1338`	`}`
`1329`	`1339`	`}`
`1330`	`1340`	`}`
`1331`		`-`
	`1341`	`+`
`1332`	`1342`	`++s;/* ! */`
`1333`		`-`
`1334`	`1343`	`}`
`1335`	`1344`
`1336`	`1345`	`if (flag==TO_CHAR)`
`@@ -2715,10 +2724,10 @@ datetime_to_char_body(TmToChar tmtc, text fmt)`
`2715`	`2724`	`{`
`2716`	`2725`	`FormatNode*format;`
`2717`	`2726`	`structtm*tm=NULL;`
`2718`		`-char*str_fmt,`
`2719`		`-*result;`
`2720`		`-boolincache;`
`2721`		`-intlen=VARSIZE(fmt)-VARHDRSZ;`
	`2727`	`+char*fmt_str,`
	`2728`	`+*result;`
	`2729`	`+boolincache;`
	`2730`	`+intfmt_len=VARSIZE(fmt)-VARHDRSZ;`
`2722`	`2731`
`2723`	`2732`	`tm=tmtcTm(tmtc);`
`2724`	`2733`	`tm->tm_wday= (date2j(tm->tm_year,tm->tm_mon,tm->tm_mday)+1) %7;`
`@@ -2727,29 +2736,28 @@ datetime_to_char_body(TmToChar tmtc, text fmt)`
`2727`	`2736`	`/*`
`2728`	`2737`	`* Convert fmt to C string`
`2729`	`2738`	`*/`
`2730`		`-str_fmt= (char*)palloc(len+1);`
`2731`		`-memcpy(str_fmt,VARDATA(fmt),len);`
`2732`		`-*(str_fmt+len)='\0';`
	`2739`	`+fmt_str= (char*)palloc(fmt_len+1);`
	`2740`	`+memcpy(fmt_str,VARDATA(fmt),fmt_len);`
	`2741`	`+*(fmt_str+fmt_len)='\0';`
`2733`	`2742`
`2734`	`2743`	`/*`
`2735`	`2744`	`* Allocate result`
`2736`	`2745`	`*/`
`2737`		`-result=palloc((len*DCH_MAX_ITEM_SIZ)+1);`
	`2746`	`+result=palloc((fmt_len*DCH_MAX_ITEM_SIZ)+1);`
`2738`	`2747`
`2739`	`2748`	`/*`
`2740`	`2749`	`* Allocate new memory if format picture is bigger than static cache`
`2741`		`- * and not use cache (call parser always) - incache=FALSE show this`
`2742`		`- * variant`
	`2750`	`+ * and not use cache (call parser always)`
`2743`	`2751`	`*/`
`2744`		`-if (len>DCH_CACHE_SIZE)`
	`2752`	`+if (fmt_len>DCH_CACHE_SIZE)`
`2745`	`2753`	`{`
`2746`		`-format= (FormatNode)palloc((len+1)sizeof(FormatNode));`
	`2754`	`+format= (FormatNode)palloc((fmt_len+1)sizeof(FormatNode));`
`2747`	`2755`	`incache= FALSE;`
`2748`	`2756`
`2749`		`-parse_format(format,str_fmt,DCH_keywords,`
	`2757`	`+parse_format(format,fmt_str,DCH_keywords,`
`2750`	`2758`	`DCH_suff,DCH_index,DCH_TYPE,NULL);`
`2751`	`2759`
`2752`		`-(format+len)->type=NODE_TYPE_END;/* Paranoia? */`
	`2760`	`+(format+fmt_len)->type=NODE_TYPE_END;/* Paranoia? */`
`2753`	`2761`
`2754`	`2762`	`}`
`2755`	`2763`	`else`
`@@ -2758,25 +2766,24 @@ datetime_to_char_body(TmToChar tmtc, text fmt)`
`2758`	`2766`	`* Use cache buffers`
`2759`	`2767`	`*/`
`2760`	`2768`	`DCHCacheEntry*ent;`
`2761`		`-`
`2762`	`2769`	`incache= TRUE;`
`2763`	`2770`
`2764`		`-if ((ent=DCH_cache_search(str_fmt))==NULL)`
	`2771`	`+if ((ent=DCH_cache_search(fmt_str))==NULL)`
`2765`	`2772`	`{`
`2766`	`2773`
`2767`		`-ent=DCH_cache_getnew(str_fmt);`
	`2774`	`+ent=DCH_cache_getnew(fmt_str);`
`2768`	`2775`
`2769`	`2776`	`/*`
`2770`	`2777`	`* Not in the cache, must run parser and save a new`
`2771`	`2778`	`* format-picture to the cache.`
`2772`	`2779`	`*/`
`2773`		`-parse_format(ent->format,str_fmt,DCH_keywords,`
	`2780`	`+parse_format(ent->format,fmt_str,DCH_keywords,`
`2774`	`2781`	`DCH_suff,DCH_index,DCH_TYPE,NULL);`
`2775`	`2782`
`2776`		`-(ent->format+len)->type=NODE_TYPE_END;/* Paranoia? */`
	`2783`	`+(ent->format+fmt_len)->type=NODE_TYPE_END;/* Paranoia? */`
`2777`	`2784`
`2778`	`2785`	`#ifdefDEBUG_TO_FROM_CHAR`
`2779`		`-/* dump_node(ent->format,len); */`
	`2786`	`+/* dump_node(ent->format,fmt_len); */`
`2780`	`2787`	`/* dump_index(DCH_keywords, DCH_index); */`
`2781`	`2788`	`#endif`
`2782`	`2789`	`}`
`@@ -2788,22 +2795,27 @@ datetime_to_char_body(TmToChar tmtc, text fmt)`
`2788`	`2795`	`if (!incache)`
`2789`	`2796`	`pfree(format);`
`2790`	`2797`
`2791`		`-pfree(str_fmt);`
	`2798`	`+pfree(fmt_str);`
`2792`	`2799`
`2793`	`2800`	`/*`
`2794`	`2801`	`* for result is allocated max memory, which current format-picture`
`2795`	`2802`	`* needs, now it allocate result with real size`
`2796`	`2803`	`*/`
`2797`		`-if (!(len=strlen(result)))`
`2798`		`-pfree(result);`
`2799`		`-else`
	`2804`	`+if (result&&*result)`
`2800`	`2805`	`{`
`2801`		`-textres= (text)palloc(len+1+VARHDRSZ);`
	`2806`	`+intlen=strlen(result);`
	`2807`	`+`
	`2808`	`+if (len)`
	`2809`	`+{`
	`2810`	`+textres= (text)palloc(len+1+VARHDRSZ);`
`2802`	`2811`
`2803`		`-memcpy(VARDATA(res),result,len);`
`2804`		`-VARATT_SIZEP(res)=len+VARHDRSZ;`
`2805`		`-returnres;`
	`2812`	`+memcpy(VARDATA(res),result,len);`
	`2813`	`+VARATT_SIZEP(res)=len+VARHDRSZ;`
	`2814`	`+pfree(result);`
	`2815`	`+returnres;`
	`2816`	`+}`
`2806`	`2817`	`}`
	`2818`	`+pfree(result);`
`2807`	`2819`	`returnNULL;`
`2808`	`2820`	`}`
`2809`	`2821`
`@@ -2953,64 +2965,63 @@ do_to_timestamp(text date_txt, text fmt,`
`2953`	`2965`	`{`
`2954`	`2966`	`FormatNode*format;`
`2955`	`2967`	`TmFromChartmfc;`
`2956`		`-boolincache;`
`2957`		`-char*str;`
`2958`		`-char*date_str;`
`2959`		`-intlen,`
`2960`		`-date_len;`
	`2968`	`+intfmt_len;`
`2961`	`2969`
`2962`	`2970`	`ZERO_tm(tm);`
`2963`	`2971`	`*fsec=0;`
`2964`	`2972`
`2965`	`2973`	`ZERO_tmfc(&tmfc);`
`2966`	`2974`
`2967`		`-len=VARSIZE(fmt)-VARHDRSZ;`
	`2975`	`+fmt_len=VARSIZE(fmt)-VARHDRSZ;`
`2968`	`2976`
`2969`		`-if (len)`
	`2977`	`+if (fmt_len)`
`2970`	`2978`	`{`
`2971`		`-str= (char*)palloc(len+1);`
`2972`		`-memcpy(str,VARDATA(fmt),len);`
`2973`		`-*(str+len)='\0';`
	`2979`	`+intdate_len;`
	`2980`	`+char*fmt_str;`
	`2981`	`+char*date_str;`
	`2982`	`+boolincache;`
	`2983`	`+`
	`2984`	`+fmt_str= (char*)palloc(fmt_len+1);`
	`2985`	`+memcpy(fmt_str,VARDATA(fmt),fmt_len);`
	`2986`	`+*(fmt_str+fmt_len)='\0';`
`2974`	`2987`
`2975`	`2988`	`/*`
`2976`	`2989`	`* Allocate new memory if format picture is bigger than static`
`2977`		`- * cache and not use cache (call parser always) - incache=FALSE`
`2978`		`- * show this variant`
	`2990`	`+ * cache and not use cache (call parser always)`
`2979`	`2991`	`*/`
`2980`		`-if (len>DCH_CACHE_SIZE)`
	`2992`	`+if (fmt_len>DCH_CACHE_SIZE)`
`2981`	`2993`	`{`
`2982`		`-format= (FormatNode)palloc((len+1)sizeof(FormatNode));`
	`2994`	`+format= (FormatNode)palloc((fmt_len+1)sizeof(FormatNode));`
`2983`	`2995`	`incache= FALSE;`
`2984`	`2996`
`2985`		`-parse_format(format,str,DCH_keywords,`
	`2997`	`+parse_format(format,fmt_str,DCH_keywords,`
`2986`	`2998`	`DCH_suff,DCH_index,DCH_TYPE,NULL);`
`2987`	`2999`
`2988`		`-(format+len)->type=NODE_TYPE_END;/* Paranoia? */`
	`3000`	`+(format+fmt_len)->type=NODE_TYPE_END;/* Paranoia? */`
`2989`	`3001`	`}`
`2990`	`3002`	`else`
`2991`	`3003`	`{`
`2992`	`3004`	`/*`
`2993`	`3005`	`* Use cache buffers`
`2994`	`3006`	`*/`
`2995`	`3007`	`DCHCacheEntry*ent;`
	`3008`	`+incache= TRUE;`
`2996`	`3009`
`2997`		`-incache=0;`
`2998`		`-`
`2999`		`-if ((ent=DCH_cache_search(str))==NULL)`
	`3010`	`+if ((ent=DCH_cache_search(fmt_str))==NULL)`
`3000`	`3011`	`{`
`3001`	`3012`
`3002`		`-ent=DCH_cache_getnew(str);`
	`3013`	`+ent=DCH_cache_getnew(fmt_str);`
`3003`	`3014`
`3004`	`3015`	`/*`
`3005`	`3016`	`* Not in the cache, must run parser and save a new`
`3006`	`3017`	`* format-picture to the cache.`
`3007`	`3018`	`*/`
`3008`		`-parse_format(ent->format,str,DCH_keywords,`
	`3019`	`+parse_format(ent->format,fmt_str,DCH_keywords,`
`3009`	`3020`	`DCH_suff,DCH_index,DCH_TYPE,NULL);`
`3010`	`3021`
`3011`		`-(ent->format+len)->type=NODE_TYPE_END;/* Paranoia? */`
	`3022`	`+(ent->format+fmt_len)->type=NODE_TYPE_END;/* Paranoia? */`
`3012`	`3023`	`#ifdefDEBUG_TO_FROM_CHAR`
`3013`		`-/* dump_node(ent->format,len); */`
	`3024`	`+/* dump_node(ent->format,fmt_len); */`
`3014`	`3025`	`/* dump_index(DCH_keywords, DCH_index); */`
`3015`	`3026`	`#endif`
`3016`	`3027`	`}`
`@@ -3021,7 +3032,7 @@ do_to_timestamp(text date_txt, text fmt,`
`3021`	`3032`	`* Call action for each node in FormatNode tree`
`3022`	`3033`	`*/`
`3023`	`3034`	`#ifdefDEBUG_TO_FROM_CHAR`
`3024`		`-/* dump_node(format,len); */`
	`3035`	`+/* dump_node(format,fmt_len); */`
`3025`	`3036`	`#endif`
`3026`	`3037`
`3027`	`3038`	`/*`
`@@ -3035,8 +3046,8 @@ do_to_timestamp(text date_txt, text fmt,`
`3035`	`3046`	`DCH_processor(format,date_str,FROM_CHAR, (void*)&tmfc);`
`3036`	`3047`
`3037`	`3048`	`pfree(date_str);`
`3038`		`-pfree(str);`
`3039`		`-if (incache)`
	`3049`	`+pfree(fmt_str);`
	`3050`	`+if (!incache)`
`3040`	`3051`	`pfree(format);`
`3041`	`3052`	`}`
`3042`	`3053`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5840b89

File tree

1 file changed

1 file changed

`‎src/backend/utils/adt/formatting.c`

0 commit comments