Thanks, at least the problem I have reported seems gone after I
applied your patch.
--
Tatsuo Ishii

> After looking more closely I see that pg_restore has two different
> buffer overrun conditions in this one routine.  Attached is take two
> of my patch.
> 
> This would be a lot simpler and cleaner if _PrintData() simply didn't
> append a zero byte to the buffer contents.  Philip, is it actually
> necessary for it to do that?
> 
>                       regards, tom lane
> 
> 
> *** pg_backup_custom.c.orig   Fri Feb  9 17:32:26 2001
> --- pg_backup_custom.c        Sat Mar 17 12:25:17 2001
> ***************
> *** 150,156 ****
>       if (ctx->zp == NULL)
>       die_horribly(AH, "%s: unable to allocate zlib stream archive 
>context",progname);
>   
> !     ctx->zlibOut = (char*)malloc(zlibOutSize);
>       ctx->zlibIn = (char*)malloc(zlibInSize);
>       ctx->inSize = zlibInSize;
>       ctx->filePos = 0;
> --- 150,163 ----
>       if (ctx->zp == NULL)
>       die_horribly(AH, "%s: unable to allocate zlib stream archive 
>context",progname);
>   
> !     /*
> !      * zlibOutSize is the buffer size we tell zlib it can output to.  We
> !      * actually allocate one extra byte because some routines want to append
> !      * a trailing zero byte to the zlib output.  The input buffer is expansible
> !      * and is always of size ctx->inSize; zlibInSize is just the initial
> !      * default size for it.
> !      */
> !     ctx->zlibOut = (char*)malloc(zlibOutSize+1);
>       ctx->zlibIn = (char*)malloc(zlibInSize);
>       ctx->inSize = zlibInSize;
>       ctx->filePos = 0;
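Review bot: the result of malloc(zlibOutSize+1) is stored without a NULL check in the lines shown, as is the malloc(zlibInSize) right after it, whereas ctx->zp just above and the zlibIn reallocation in the next hunk both call die_horribly on failure; add the same check for both buffers here. The new comment would also be easier to audit if it named the routine that appends the zero byte and stated that zlibOutSize, never zlibOutSize+1, is the size that may be given to zlib as available output space.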
> ***************
> *** 518,531 ****
>   
>       blkLen = ReadInt(AH);
>       while (blkLen != 0) {
> !             if (blkLen > (ctx->inSize - 1)) {
>                       free(ctx->zlibIn);
>                       ctx->zlibIn = NULL;
> !                     ctx->zlibIn = (char*)malloc(blkLen);
>                       if (!ctx->zlibIn)
>                               die_horribly(AH, "%s: failed to allocate decompression 
>buffer\n", progname);
>   
> !                     ctx->inSize = blkLen;
>                       in = ctx->zlibIn;
>               }
>   
> --- 525,538 ----
>   
>       blkLen = ReadInt(AH);
>       while (blkLen != 0) {
> !             if (blkLen+1 > ctx->inSize) {
>                       free(ctx->zlibIn);
>                       ctx->zlibIn = NULL;
> !                     ctx->zlibIn = (char*)malloc(blkLen+1);
>                       if (!ctx->zlibIn)
>                               die_horribly(AH, "%s: failed to allocate decompression 
>buffer\n", progname);
>   
> !                     ctx->inSize = blkLen+1;
>                       in = ctx->zlibIn;
>               }
>   
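Review bot: blkLen comes straight from ReadInt(AH), that is from the archive file, and goes into blkLen+1 for the comparison, malloc(blkLen+1) and ctx->inSize with no range check in the lines shown. If blkLen is a signed int, the loop condition blkLen != 0 lets a negative value through and a maximal value makes blkLen+1 wrap. Reject blkLen <= 0 or anything above a sane upper bound with die_horribly before doing the size arithmetic. A one-line comment at the if saying that the extra byte is for the trailing zero would also help, since that explanation currently lives only at the zlibOut allocation.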
