Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite1b040a

Browse files
committed
Fix potential buffer overrun in cube_out(), per report from
Bruno Wolff.
1 parent22bfa72 commite1b040a

File tree

2 files changed

+21
-24
lines changed

2 files changed

+21
-24
lines changed

‎contrib/cube/cube.c‎

Lines changed: 19 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010

1111
#include"access/gist.h"
1212
#include"access/rtree.h"
13+
#include"lib/stringinfo.h"
1314
#include"utils/elog.h"
1415
#include"utils/palloc.h"
1516
#include"utils/builtins.h"
@@ -107,47 +108,43 @@ cube_in(char *str)
107108
* char *out_func(char *);
108109
*/
109110
char*
110-
cube_out(NDBOX*cube)
111+
cube_out(NDBOX*cube)
111112
{
112-
char*result;
113-
char*p;
114-
intequal=1;
113+
StringInfoDatabuf;
114+
boolequal= true;
115115
intdim=cube->dim;
116116
inti;
117117

118-
if (cube==NULL)
119-
return (NULL);
120-
121-
p=result= (char*)palloc(100);
118+
initStringInfo(&buf);
122119

123120
/*
124121
* while printing the first (LL) corner, check if it is equal to the
125-
*scond one
122+
*second one
126123
*/
127-
p+=sprintf(p,"(");
124+
appendStringInfoChar(&buf,'(');
128125
for (i=0;i<dim;i++)
129126
{
130-
p+=sprintf(p,"%g",cube->x[i]);
131-
p+=sprintf(p,", ");
127+
if (i>0)
128+
appendStringInfo(&buf,", ");
129+
appendStringInfo(&buf,"%g",cube->x[i]);
132130
if (cube->x[i]!=cube->x[i+dim])
133-
equal=0;
131+
equal=false;
134132
}
135-
p-=2;/* get rid of the last ", " */
136-
p+=sprintf(p,")");
133+
appendStringInfoChar(&buf,')');
137134

138135
if (!equal)
139136
{
140-
p+=sprintf(p,",(");
141-
for (i=dim;i<dim*2;i++)
137+
appendStringInfo(&buf,",(");
138+
for (i=0;i<dim;i++)
142139
{
143-
p+=sprintf(p,"%g",cube->x[i]);
144-
p+=sprintf(p,", ");
140+
if (i>0)
141+
appendStringInfo(&buf,", ");
142+
appendStringInfo(&buf,"%g",cube->x[i+dim]);
145143
}
146-
p-=2;
147-
p+=sprintf(p,")");
144+
appendStringInfoChar(&buf,')');
148145
}
149146

150-
return(result);
147+
returnbuf.data;
151148
}
152149

153150

‎contrib/cube/cube.sql.in‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,12 +8,12 @@ SET search_path = public;
88
CREATE FUNCTION cube_in(opaque)
99
RETURNS opaque
1010
AS 'MODULE_PATHNAME'
11-
LANGUAGE 'c';
11+
LANGUAGE 'c' WITH (isStrict);
1212

1313
CREATE FUNCTION cube_out(opaque)
1414
RETURNS opaque
1515
AS 'MODULE_PATHNAME'
16-
LANGUAGE 'c';
16+
LANGUAGE 'c' WITH (isStrict);
1717

1818
CREATE TYPE cube (
1919
internallength = variable,

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp