Re: [HACKERS] fix ecpg core dump when there's a very long struct variable name in .pgc file

Thu, 22 Nov 2012 02:52:21 -0800 

sorry,There's a miss(with out free memory) in that patch sended just now,
and resend it.

Best Regards,
Chen Huajun

(2012/11/22 18:09), Chen Huajun wrote:
> hi
> 
> I found a small bug in ecpg command and try to fix it.
> Please check if it is correct.
> 
> When use a struct variable whose name length is very very long such as 12KB 
> in .pgc source,
> ecpg will core dump because of buffer overflow if precompile the .pgc file.
> 
> $ ecpg testLongStructName.pgc
> Segmentation fault (core dumped)
> 
> 
> Normally no body will write a variable with so long name,
> but whether it's better to fix it.
> 
> 
> Best Regards,
> Chen Huajun
> 
> 
> 
> 

-- 
Best Regards
--------------------------------------------------
  富士通南大軟件技術有限公司(FNST)
  第二ソフトウェア事業部第三開発部
  陳華軍(チン カグン)
  Addr: 南京富士通南大軟件技術有限公司(FNST)
        中国南京市雨花台区文竹路6号(210012)
  Mail: che...@cn.fujitsu.com
  Tel : +86+25-86630566-8406  内線: 7998-8406
  Fax : +86+25-83317685
--------------------------------------------------

diff --git a/postgresql-9.2rc1_org/src/interfaces/ecpg/preproc/type.c 
b/postgresql-9.2rc1_new/src/interfaces/ecpg/preproc/type.c
index c743616..cf2ff15 100644
--- a/postgresql-9.2rc1_org/src/interfaces/ecpg/preproc/type.c
+++ b/postgresql-9.2rc1_new/src/interfaces/ecpg/preproc/type.c
@@ -506,8 +506,8 @@ ECPGdump_a_struct(FILE *o, const char *name, const char 
*ind_name, char *arrsiz,
         */
        struct ECPGstruct_member *p,
                           *ind_p = NULL;
-       char            pbuf[BUFSIZ],
-                               ind_pbuf[BUFSIZ];
+       char            *pbuf = (char *) mm_alloc(strlen(name) + ((prefix == 
NULL) ? 0 : strlen(prefix)) + 3);
+       char            *ind_pbuf = (char *) mm_alloc(strlen(ind_name) + 
((ind_prefix == NULL) ? 0 : strlen(ind_prefix)) + 3);
 
        if (atoi(arrsiz) == 1)
                sprintf(pbuf, "%s%s.", prefix ? prefix : "", name);
@@ -540,6 +540,9 @@ ECPGdump_a_struct(FILE *o, const char *name, const char 
*ind_name, char *arrsiz,
                if (ind_p != NULL && ind_p != &struct_no_indicator)
                        ind_p = ind_p->next;
        }
+
+       free(pbuf);
+       free(ind_pbuf);
 }
 
 void

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to