fix ecpg core dump when there's a very long struct variable name in .pgc file
Hi,
I found a small bug in the ecpg command and tried to fix it.
Please check if it is correct.
When using a struct variable whose name is very, very long, such as 12KB, in the .pgc source,
ecpg will core dump because of a buffer overflow when precompiling the .pgc file.
$ ecpg testLongStructName.pgc
Segmentation fault (core dumped)
Normally nobody will write a variable with such a long name,
but perhaps it's better to fix it.
Best Regards,
Chen Huajun
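The overflow described above (a fixed BUFSIZ stack buffer written with sprintf) and the sizing the patch uses, as an added C example that is not Chen's patch or PostgreSQL's own code: xalloc() is a hypothetical stand-in for ecpg's mm_alloc(), and the "->" suffix for the array case is an assumption, which is what the +3 in the patch leaves room for.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for ecpg's mm_alloc(): exits on failure (assumption). */
static void *xalloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL) { fputs("out of memory\n", stderr); exit(1); }
    return p;
}

/* Member prefix ("prefix.name." or "prefix.name->") that ECPGdump_a_struct()
 * writes into pbuf. Size mirrors the patch: strlen(prefix)+strlen(name)+3 holds
 * the longest suffix ("->", assumed for arrays) plus NUL. Caller must free(). */
char *build_member_prefix(const char *prefix, const char *name, int arrsiz)
{
    const char *pfx = prefix ? prefix : "";
    const char *suffix = (arrsiz == 1) ? "." : "->";
    size_t size = strlen(pfx) + strlen(name) + 3;
    char *buf = xalloc(size);
    /* snprintf, not sprintf: a wrong size can only truncate, never overflow. */
    int n = snprintf(buf, size, "%s%s%s", pfx, name, suffix);
    if (n < 0 || (size_t) n >= size) {
        free(buf);
        return NULL;
    }
    return buf;
}

/* Build one prefix, compare it with the expected string, and free it. */
int prefix_equals(const char *prefix, const char *name, int arrsiz, const char *expect)
{
    char *p = build_member_prefix(prefix, name, arrsiz);
    int ok = (p != NULL) && strcmp(p, expect) == 0;
    free(p);
    return ok;
}

/* Reproduce the report: a struct variable name far longer than BUFSIZ. */
int long_name_fits(size_t name_len)
{
    char *name = xalloc(name_len + 1);
    memset(name, 'a', name_len);
    name[name_len] = '\0';
    char *p = build_member_prefix("outer.", name, 1);
    int ok = (p != NULL) && strlen(p) == strlen("outer.") + name_len + 1;
    free(p);
    free(name);
    return ok;
}
```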
Attachment: ecpg_LongStrucNameDump_fix.diff (text/plain)
diff --git a/postgresql-9.2rc1_org/src/interfaces/ecpg/preproc/type.c b/postgresql-9.2rc1_new/src/interfaces/ecpg/preproc/type.c
index c743616..48cbc13 100644
--- a/postgresql-9.2rc1_org/src/interfaces/ecpg/preproc/type.c
+++ b/postgresql-9.2rc1_new/src/interfaces/ecpg/preproc/type.c
@@ -506,8 +506,8 @@ ECPGdump_a_struct(FILE *o, const char *name, const char *ind_name, char *arrsiz,
*/
struct ECPGstruct_member *p,
*ind_p = NULL;
- char pbuf[BUFSIZ],
- ind_pbuf[BUFSIZ];
+ char *pbuf = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 3);
+ char *ind_pbuf = (char *) mm_alloc(strlen(ind_name) + ((ind_prefix == NULL) ? 0 : strlen(ind_prefix)) + 3);
if (atoi(arrsiz) == 1)
sprintf(pbuf, "%s%s.", prefix ? prefix : "", name);
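Review bot: the two heap buffers allocated at `+ char *pbuf = (char *) mm_alloc(...)` and `+ char *ind_pbuf = (char *) mm_alloc(...)` replace stack arrays, but nothing in this hunk frees them, so every call of ECPGdump_a_struct() now leaks both buffers; add `free(pbuf); free(ind_pbuf);` on every exit path of the function. Two smaller points: with a hand-computed size, the following `sprintf(pbuf, "%s%s.", ...)` would be safer as `snprintf(pbuf, <size>, ...)` using the same size expression, so a later change to the suffix cannot overflow again, and the `(char *)` cast is unnecessary if mm_alloc() returns `void *`. The visible "%s%s." branch needs only 2 extra bytes, so make sure the +3 matches the longest suffix any branch writes plus the NUL.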
Sorry, there's a mistake (without freeing memory) in the patch I sent just now,
so I am resending it.
Best Regards,
Chen Huajun
--
Best Regards
--------------------------------------------------
Fujitsu Nanda Software Technology Co., Ltd. (FNST)
Second Software Division, Third Development Department
Chen Huajun
Addr: Nanjing Fujitsu Nanda Software Technology Co., Ltd. (FNST)
No. 6 Wenzhu Road, Yuhuatai District, Nanjing, China (210012)
Mail: chenhj@cn.fujitsu.com
Tel : +86+25-86630566-8406 ext.: 7998-8406
Fax : +86+25-83317685
--------------------------------------------------
Attachment: ecpg_LongStrucNameDump_fix.diff (text/plain)
diff --git a/postgresql-9.2rc1_org/src/interfaces/ecpg/preproc/type.c b/postgresql-9.2rc1_new/src/interfaces/ecpg/preproc/type.c
index c743616..cf2ff15 100644
--- a/postgresql-9.2rc1_org/src/interfaces/ecpg/preproc/type.c
+++ b/postgresql-9.2rc1_new/src/interfaces/ecpg/preproc/type.c
@@ -506,8 +506,8 @@ ECPGdump_a_struct(FILE *o, const char *name, const char *ind_name, char *arrsiz,
*/
struct ECPGstruct_member *p,
*ind_p = NULL;
- char pbuf[BUFSIZ],
- ind_pbuf[BUFSIZ];
+ char *pbuf = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 3);
+ char *ind_pbuf = (char *) mm_alloc(strlen(ind_name) + ((ind_prefix == NULL) ? 0 : strlen(ind_prefix)) + 3);
if (atoi(arrsiz) == 1)
sprintf(pbuf, "%s%s.", prefix ? prefix : "", name);
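Review bot: the hand-computed size (strlen(name) + strlen(prefix) + 3) is now the only thing standing between the `sprintf(pbuf, "%s%s.", ...)` below and another overflow; keeping the size in a variable and switching the writes into pbuf and ind_pbuf to `snprintf(pbuf, size, ...)` would make a future suffix change fail loudly instead of corrupting the heap. The visible "." branch needs 2 extra bytes, so +3 should equal the longest suffix written in any branch plus the NUL. Minor: the `(char *)` cast on mm_alloc() is not needed if it returns `void *`.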
@@ -540,6 +540,9 @@ ECPGdump_a_struct(FILE *o, const char *name, const char *ind_name, char *arrsiz,
if (ind_p != NULL && ind_p != &struct_no_indicator)
ind_p = ind_p->next;
}
+
+ free(pbuf);
+ free(ind_pbuf);
}
void
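Review bot: the `+ free(pbuf);` / `+ free(ind_pbuf);` lines before the closing brace only run when control falls through to the end of ECPGdump_a_struct(); please confirm there is no early `return` between the allocations at line 506 and this point, since any such path would still leak. A one-line comment on why the buffers are heap-allocated (struct names are not bounded by BUFSIZ) would also help keep a later cleanup from reverting them to stack arrays.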
On Thu, Nov 22, 2012 at 06:09:20PM +0800, Chen Huajun wrote:
When using a struct variable whose name is very, very long, such as 12KB, in the .pgc source,
ecpg will core dump because of a buffer overflow when precompiling the .pgc file.
How on earth did you run into this? :)
I absolutely agree that this had better be fixed and just committed the second
version of your patch.
Thanks.
Michael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
Jabber: michael.meskes at gmail dot com
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL
(2012/11/23 21:42), Michael Meskes wrote:
How on earth did you run into this? :)
Ooh, first I saw the code accidentally; it looks a bit dangerous and different from the function ECPGdump_a_simple() above,
and then I tried to write a test to raise some errors.
Thanks for your comment, I will add the patch into the commitfest later.
It may be my first patch for open source.
And I am glad if I can do more for PostgreSQL, which is so fine. :)
Regards,
Chen Huajun
On Sun, Nov 25, 2012 at 08:02:33PM +0800, Chen Huajun wrote:
Thanks for your comment, I will add the patch into the commitfest later.
No need for that, the patch is already committed to the archive.
It may be my first patch for open source.
It definitely is then.
Michael
(2012/11/25 22:18), Michael Meskes wrote:
On Sun, Nov 25, 2012 at 08:02:33PM +0800, Chen Huajun wrote:
Thanks for your comment, I will add the patch into the commitfest later.
No need for that, the patch is already committed to the archive.
Oh, I got it, thanks!
--
Regards,
Chen Huajun
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers