Participants
Tsunakawa, Takayuki
Tsunakawa, Takayuki
Michael Meskes
Michael Meskes
Attachments
Thread Outline
#1Tsunakawa, TakayukiTsunakawa, Takayuki
Dec 22, 2016
#2Michael MeskesMichael Meskesto Tsunakawa, Takayuki (#1)
Dec 22, 2016

[bug fix] Trivial ecpg bug which can cause memory overrun

Started by Tsunakawa, Takayukiabout 9 years ago2 messages
#1Tsunakawa, Takayuki
Tsunakawa, Takayuki
tsunakawa.takay@jp.fujitsu.com
1 attachment(s)

Hello,

While investigating some other issue, we found a trivial bug of ecpg. The attached is a fix for that.

If you specify an input file which ends with "." (e.g. run "ecpg file."), ecpg writes one byte past the end of the allocated memory.

In addition, the following statement is misleading. Some people may think that file.ec.c will be converted to a.ec.c. But the actual behavior is that it is converted to file.c. So I clarified the paragraph a bit.

"If the extension of the input file is not .pgc, then the output file name is computed by appending .c to the full file name."

Regards
Takayuki Tsunakawa

Attachments:

ecpg_outfile.patchapplication/octet-stream; name=ecpg_outfile.patchDownload
diff --git a/doc/src/sgml/ref/ecpg-ref.sgml b/doc/src/sgml/ref/ecpg-ref.sgml
index 029bd4a..8bfb47c 100644
--- a/doc/src/sgml/ref/ecpg-ref.sgml
+++ b/doc/src/sgml/ref/ecpg-ref.sgml
@@ -42,11 +42,9 @@ PostgreSQL documentation
   <para>
    <command>ecpg</command> will convert each input file given on the
    command line to the corresponding C output file.  Input files
-   preferably have the extension <filename>.pgc</filename>, in which
-   case the extension will be replaced by <filename>.c</filename> to
-   determine the output file name.  If the extension of the input file
-   is not <filename>.pgc</filename>, then the output file name is
-   computed by appending <literal>.c</literal> to the full file name.
+   preferably have the extension <filename>.pgc</filename>.
+   The extension will be replaced by <filename>.c</filename> to
+   determine the output file name.
    The output file name can also be overridden using the
    <option>-o</option> option.
   </para>
diff --git a/src/interfaces/ecpg/preproc/ecpg.c b/src/interfaces/ecpg/preproc/ecpg.c
index 3b0de97..59dce14 100644
--- a/src/interfaces/ecpg/preproc/ecpg.c
+++ b/src/interfaces/ecpg/preproc/ecpg.c
@@ -313,7 +313,8 @@ main(int argc, char *const argv[])
 					base_yyout = stdout;
 				else
 				{
-					output_filename = mm_strdup(input_filename);
+					output_filename = mm_alloc(strlen(input_filename) + 3);
+					strcpy(output_filename, input_filename);
 
 					ptr2ext = strrchr(output_filename, '.');
 					/* make extension = .c resp. .h */
#2Michael Meskes
Michael Meskes
meskes@postgresql.org
In reply to: Tsunakawa, Takayuki (#1)
Re: [bug fix] Trivial ecpg bug which can cause memory overrun

Hi,

While investigating some other issue, we found a trivial bug of
ecpg.  The attached is a fix for that.
...

Thanks for spotting and fixing. Committed.

Michael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! SF 49ers! Use Debian GNU/Linux, PostgreSQL

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

← Back to Topics