Bugs item #838317, was opened at 2003-11-08 00:20
Message generated for change (Settings changed) made by ballie01
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=116528&aid=838317&group_id=16528
Category: libpq
Group: None
>Status: Pending
Resolution: Fixed
Priority: 5
Submitted By: James Matthew Farrow (jmfarrow)
Assigned to: Billy G. Allie (ballie01)
Summary: Memory corruption in bytea handling
Initial Comment:
In unQuoteBytea the line (near the end)
sout[j] = (char)0;
in both unecessary (since Py_BuildValue for s# takes a
length)
and wrong. The memory allocated for sout is only the
same size as sin. If no characters require unquoting
in sin then this NUL ends up being placed _outside_ the
allocated memory and will corrupt things.
The line should be removed.
I suspect an extraneous NUL is also being appended in
libPQquoteBytea.
----------------------------------------------------------------------
Comment By: Billy G. Allie (ballie01)
Date: 2003-11-09 22:02
Message:
Logged In: YES
user_id=8500
Yes, the sout[j] = 0 in unQuoteBytea is an error.
There is a NUl being appended in libPQquoteBytea is
extraneous, but does not cause a problem as it is accounted
for in the size calculation of the buffer. Still it is not
needed and has been removed.
The code has been updated in CVS.
Thanks for the bug report and fix James.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=116528&aid=838317&group_id=16528
|
