psql: Fix invalid memory access

Due to an apparent thinko, when printing a table in expanded mode
(\x), space would be allocated for 1 slot plus 1 byte per line,
instead of 1 slot per line plus 1 slot for the NULL terminator.  When
the line count is small, reading or writing the terminator would
therefore access memory beyond what was allocated.

diff --git a/src/bin/psql/print.c b/src/bin/psql/print.c
index dec440c264e54258e2c6fffef0d4746a9bb2d091..594a63acfd240ef03c8ab7a442209031d870e429 100644 (file)
--- a/src/bin/psql/print.c
+++ b/src/bin/psql/print.c
@@ -1210,8 +1210,8 @@ print_aligned_vertical(const printTableContent *cont, FILE *fout)
     * We now have all the information we need to setup the formatting
     * structures
     */
-   dlineptr = pg_local_malloc((sizeof(*dlineptr) + 1) * dheight);
-   hlineptr = pg_local_malloc((sizeof(*hlineptr) + 1) * hheight);
+   dlineptr = pg_local_malloc((sizeof(*dlineptr)) * (dheight + 1));
+   hlineptr = pg_local_malloc((sizeof(*hlineptr)) * (hheight + 1));
 
    dlineptr->ptr = pg_local_malloc(dformatsize);
    hlineptr->ptr = pg_local_malloc(hformatsize);