Menu
▾
▴
[Pypgsql-devel] [ pypgsql-Bugs-1178976 ] unQuoteBytea adds an extraneous NUL byte
|
From: SourceForge.net <no...@so...> - 2005-05-16 03:40:30
|
Bugs item #1178976, was opened at 2005-04-07 23:10 Message generated for change (Settings changed) made by ballie01 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=116528&aid=1178976&group_id=16528 Category: PgResult Group: None >Status: Pending >Resolution: Fixed Priority: 7 Submitted By: Ben Rampling (benr_web) Assigned to: Billy G. Allie (ballie01) Summary: unQuoteBytea adds an extraneous NUL byte Initial Comment: "unQuoteBytea" in libpqmodule.c was modified between release 2.4 and the current CVS version. The function starts: PyObject *unQuoteBytea(char *sin) { int i, j, slen, byte; char *sout; PyObject *result; slen = strlen(sin) + 1; /* ! */ In release 2.4 the last line was: slen = strlen(sin); As a result of this change, if you do: cursor.execute("SELECT 'Quick Brown'::bytea") and then print the result, you get: 'Quick Brown\x00' In the release version 2.4, you get what I would expect: 'Quick Brown' Looking at all of unQuoteBytea, it looks quite safe to just remove the + 1. The entire function treats sout as a memory buffer possibly containing null characters, with the length in slen. Py_BuildValue is using "s#" as the format and doesn't require or want any terminator. Perhaps this happened when the fixes for libPQquoteBytea were being applied? ---------------------------------------------------------------------- Comment By: Billy G. Allie (ballie01) Date: 2005-04-08 20:45 Message: Logged In: YES user_id=8500 After my previous post, I went back and did some checking. You are correct. The length should only be strlen(sin), not strlen(sin) + 1. I will fix the code. ---------------------------------------------------------------------- Comment By: Billy G. Allie (ballie01) Date: 2005-04-08 15:15 Message: Logged In: YES user_id=8500 The change was made becuase the behaviour you expect is not correct. 'The quick brown fox'::bytea is 'The quick brown fox0x00' (remeber that 0x00 is a valid character in bytea strings). The previous behaviour could cause a buffer overflow condition in certain instances. See http://sourceforge.net/tracker/index.php?func=detail&aid=1029580&group_id=16528&atid=316528 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=116528&aid=1178976&group_id=16528 |
