Commit 87d9bbc

Fix over-allocation of space for array_out()'s result string.

array_out overestimated the space needed for its output, possibly by a very substantial amount if the array is multi-dimensional, because of wrong order of operations in the loop that counts the number of curly-brace pairs needed. While the output string is normally short-lived, this could still cause problems in extreme cases.

An additional minor error was that it counted one more delimiter than is actually needed.

Repair those errors, add an Assert that the space is now correctly calculated, and make some minor improvements in the comments.

I also failed to resist the temptation to get rid of an integer modulus operation per array element; a simple comparison is sufficient.

This bug dates clear back to Berkeley days, so back-patch to all supported versions.

Keiichi Hirobe, minor additional work by me

Discussion: https://postgr.es/m/CAH=EFxE9W0tRvQkixR2XJRRCToUYUEDkJZk6tnADXugPBRdcdg@mail.gmail.com
1 parent c62dd80 commit 87d9bbc
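The counting error the commit message describes, as an added example that is not PostgreSQL's code: it compares the bytes requested under the old and the patched loop order with the bytes a model of the output loop actually writes. The function names, the one-character `x` elements, and the model's leading `{` and `ndim - 1` bound are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Brace pairs for the given dimensions (each >= 1). fixed=0 is the pre-fix
 * order (multiply, then add); fixed=1 is the patched order (add, multiply). */
static size_t pairs(int ndim, const int *dims, int fixed)
{
    size_t j = 0, k = 1;
    for (int i = 0; i < ndim; i++)
        if (fixed) { j += k; k *= (size_t) dims[i]; }
        else       { k *= (size_t) dims[i]; j += k; }
    return j;
}

/* Bytes requested when every element is the unquoted text "x": one byte plus
 * one delimiter each, two per brace pair, and (pre-fix only) 1 for '\0'. */
static size_t requested(int ndim, const int *dims, int fixed)
{
    size_t nitems = 1;
    for (int i = 0; i < ndim; i++) nitems *= (size_t) dims[i];
    return (fixed ? 0 : 1) + 2 * nitems + 2 * pairs(ndim, dims, fixed);
}

/* Constructed model of the output loop; the leading '{' and the ndim - 1
 * bound are assumptions about code the diff does not show. Returns strlen+1. */
static size_t written(int ndim, const int *dims, char *buf)
{
    char *p = buf;
    int indx[8] = {0}, i, j = 0;            /* assumes ndim <= 8 */
    *p++ = '{';
    do {
        for (i = j; i < ndim - 1; i++) *p++ = '{';
        *p++ = 'x';
        for (i = ndim - 1; i >= 0; i--) {
            if (++indx[i] < dims[i]) { *p++ = ','; break; }
            indx[i] = 0; *p++ = '}';
        }
        j = i;
    } while (j != -1);
    *p = '\0';
    return strlen(buf) + 1;
}

int main(void)
{
    static char buf[4096];
    int d[] = {10, 10, 10};
    printf("%zu %zu %zu\n", written(3, d, buf), requested(3, d, 1), requested(3, d, 0));
    return 0;
}
```

For a 10x10x10 array the patched count equals the bytes written, while the pre-fix count requests nearly twice as much.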

1 file changed: +22 -10 lines changed

src/backend/utils/adt/arrayfuncs.c

Lines changed: 22 additions & 10 deletions
@@ -1027,8 +1027,8 @@ array_out(PG_FUNCTION_ARGS)
10271027
*/
10281028
bool*needquotes,
10291029
needdims= false;
1030+
size_toverall_length;
10301031
intnitems,
1031-
overall_length,
10321032
i,
10331033
j,
10341034
k,
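Review bot: the change of overall_length from int to size_t in this declaration block is not mentioned in the commit message, which lists the recount, the Assert, the comment changes and the modulus removal. Because this is the value that now reaches palloc directly, a sentence in the message or a comment at the declaration saying why it was widened would help anyone reviewing the back-patch.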
@@ -1102,7 +1102,7 @@ array_out(PG_FUNCTION_ARGS)
11021102
*/
11031103
values= (char**)palloc(nitems*sizeof(char*));
11041104
needquotes= (bool*)palloc(nitems*sizeof(bool));
1105-
overall_length=1;/* don't forget to count \0 at end. */
1105+
overall_length=0;
11061106

11071107
array_iter_setup(&iter,v);
11081108

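Review bot: at `overall_length=0;` the removed comment about counting the \0 is not replaced, so the initialiser on its own now reads as if the terminator were forgotten. The justification only appears in the comment added before the brace-counting loop in the next hunk; a short comment here saying that the last element's delimiter slot covers the terminator would keep the two places in sync.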
@@ -1155,19 +1155,24 @@ array_out(PG_FUNCTION_ARGS)
11551155
/* Count the pair of double quotes, if needed */
11561156
if (needquote)
11571157
overall_length+=2;
1158-
/* and the comma */
1158+
/* and the comma(or other typdelim delimiter)*/
11591159
overall_length+=1;
11601160
}
11611161

11621162
/*
1163-
* count total number of curly braces in output string
1163+
* The very last array element doesn't have a typdelim delimiter after it,
1164+
* but that's OK; that space is needed for the trailing '\0'.
1165+
*
1166+
* Now count total number of curly brace pairs in output string.
11641167
*/
11651168
for (i=j=0,k=1;i<ndim;i++)
1166-
k *=dims[i],j+=k;
1169+
{
1170+
j+=k,k *=dims[i];
1171+
}
1172+
overall_length+=2*j;
11671173

1174+
/* Format explicit dimensions if required */
11681175
dims_str[0]='\0';
1169-
1170-
/* add explicit dimensions if required */
11711176
if (needdims)
11721177
{
11731178
char*ptr=dims_str;
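Review bot: the fix at `j+=k,k *=dims[i];` depends entirely on the order of the two operations, yet they are still joined by a comma operator inside the newly added braces. Writing them as two statements would make the ordering explicit and harder to reverse by accident. Separately, `overall_length+=2*j;` multiplies in int (j is declared with the other ints in the first hunk) before the result is added to the size_t total; a cast or a comment on why the product stays in range would match the move to size_t.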
@@ -1179,9 +1184,11 @@ array_out(PG_FUNCTION_ARGS)
11791184
}
11801185
*ptr++=*ASSGN;
11811186
*ptr='\0';
1187+
overall_length+=ptr-dims_str;
11821188
}
11831189

1184-
retval= (char*)palloc(strlen(dims_str)+overall_length+2*j);
1190+
/* Now construct the output string */
1191+
retval= (char*)palloc(overall_length);
11851192
p=retval;
11861193

11871194
#defineAPPENDSTR(str)(strcpy(p, (str)), p += strlen(p))
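Review bot: with `palloc(overall_length)` the buffer is now sized exactly, while the APPENDSTR macro in the trailing context still writes with strcpy and no bound. The extra bytes the old expression requested are gone, so any later change that emits a byte without counting it writes past the allocation. A comment at the palloc listing what overall_length must include (element text, quotes, delimiters, brace pairs, dims_str, terminator) would make that contract visible to future editors.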
@@ -1219,21 +1226,26 @@ array_out(PG_FUNCTION_ARGS)
12191226

12201227
for (i=ndim-1;i >=0;i--)
12211228
{
1222-
indx[i]= (indx[i]+1) %dims[i];
1223-
if (indx[i])
1229+
if (++(indx[i])<dims[i])
12241230
{
12251231
APPENDCHAR(typdelim);
12261232
break;
12271233
}
12281234
else
1235+
{
1236+
indx[i]=0;
12291237
APPENDCHAR('}');
1238+
}
12301239
}
12311240
j=i;
12321241
}while (j!=-1);
12331242

12341243
#undef APPENDSTR
12351244
#undef APPENDCHAR
12361245

1246+
/* Assert that we calculated the string length accurately */
1247+
Assert(overall_length== (p-retval+1));
1248+
12371249
pfree(values);
12381250
pfree(needquotes);
12391251

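Review bot: the new check at `Assert(overall_length== (p-retval+1));` runs only after the whole string has been written, so it reports a miscount after the fact rather than preventing the write; the comment above it could say so. It also compares the size_t overall_length with a signed pointer difference, and casting the right-hand side to size_t would avoid a signed/unsigned comparison.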