Python Interface to PostgreSQL / Bugs / #56 Memory corruption in bytea handling

#56 Memory corruption in bytea handling

Status: closed-fixed

Owner: Billy G. Allie

Labels: libpq (15)

Priority: 5

Updated: 2003-11-10

Created: 2003-11-08

Creator: James Matthew Farrow

Private: No

In unQuoteBytea the line (near the end)

sout[j] = (char)0;

in both unecessary (since Py_BuildValue for s# takes a
length)
and wrong. The memory allocated for sout is only the
same size as sin. If no characters require unquoting
in sin then this NUL ends up being placed _outside_ the
allocated memory and will corrupt things.

The line should be removed.

I suspect an extraneous NUL is also being appended in
libPQquoteBytea.

Discussion

Billy G. Allie - 2003-11-10

Logged In: YES
user_id=8500

Yes, the sout[j] = 0 in unQuoteBytea is an error.

There is a NUl being appended in libPQquoteBytea is
extraneous, but does not cause a problem as it is accounted
for in the size calculation of the buffer. Still it is not
needed and has been removed.

The code has been updated in CVS.

Thanks for the bug report and fix James.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Billy G. Allie - 2003-11-10

assigned_to: nobody --> ballie01

status: open --> open-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Billy G. Allie - 2003-11-10

status: open-fixed --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Memory corruption in bytea handling

Group

Searches

Help

#56 Memory corruption in bytea handling

Discussion