From 9a3ddecdd9261856b1091da0f7a86fa41430eaa2 Mon Sep 17 00:00:00 2001 From: Tom Lane <tgl@sss.pgh.pa.us> Date: Sun, 20 Jan 2013 23:43:51 -0500 Subject: [PATCH] Fix one-byte buffer overrun in PQprintTuples(). This bug goes back to the original Postgres95 sources. Its significance to modern PG versions is marginal, since we have not used PQprintTuples() internally in a very long time, and it doesn't seem to have ever been documented either. Still, it *is* exposed to client apps, so somebody out there might possibly be using it. Xi Wang --- src/interfaces/libpq/fe-print.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/interfaces/libpq/fe-print.c b/src/interfaces/libpq/fe-print.c index 94ef40d3bcb..585e831cdb6 100644 --- a/src/interfaces/libpq/fe-print.c +++ b/src/interfaces/libpq/fe-print.c @@ -681,7 +681,6 @@ PQprintTuples(const PGresult *res, int i, j; char formatString[80]; - char *tborder = NULL; nFields = PQnfields(res); @@ -700,15 +699,15 @@ PQprintTuples(const PGresult *res, int width; width = nFields * 14; - tborder = malloc(width + 1); + tborder = (char *) malloc(width + 1); if (!tborder) { fprintf(stderr, libpq_gettext("out of memory\n")); abort(); } - for (i = 0; i <= width; i++) + for (i = 0; i < width; i++) tborder[i] = '-'; - tborder[i] = '\0'; + tborder[width] = '\0'; fprintf(fout, "%s\n", tborder); } -- GitLab