From 9a3ddecdd9261856b1091da0f7a86fa41430eaa2 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Sun, 20 Jan 2013 23:43:51 -0500
Subject: [PATCH] Fix one-byte buffer overrun in PQprintTuples().

This bug goes back to the original Postgres95 sources.  Its significance
to modern PG versions is marginal, since we have not used PQprintTuples()
internally in a very long time, and it doesn't seem to have ever been
documented either.  Still, it *is* exposed to client apps, so somebody
out there might possibly be using it.

Xi Wang
---
 src/interfaces/libpq/fe-print.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/interfaces/libpq/fe-print.c b/src/interfaces/libpq/fe-print.c
index 94ef40d3bcb..585e831cdb6 100644
--- a/src/interfaces/libpq/fe-print.c
+++ b/src/interfaces/libpq/fe-print.c
@@ -681,7 +681,6 @@ PQprintTuples(const PGresult *res,
 	int			i,
 				j;
 	char		formatString[80];
-
 	char	   *tborder = NULL;
 
 	nFields = PQnfields(res);
@@ -700,15 +699,15 @@ PQprintTuples(const PGresult *res,
 			int			width;
 
 			width = nFields * 14;
-			tborder = malloc(width + 1);
+			tborder = (char *) malloc(width + 1);
 			if (!tborder)
 			{
 				fprintf(stderr, libpq_gettext("out of memory\n"));
 				abort();
 			}
-			for (i = 0; i <= width; i++)
+			for (i = 0; i < width; i++)
 				tborder[i] = '-';
-			tborder[i] = '\0';
+			tborder[width] = '\0';
 			fprintf(fout, "%s\n", tborder);
 		}
 
-- 
GitLab