authorTom Lane2000-07-07 21:12:53 +0000
committerTom Lane2000-07-07 21:12:53 +0000
commit65da0d66b4e89951078ebc43a5343780e4e700d6 (patch)
tree8bc075c2b755432ac3c51516a0fdbc7dfd0e3c12 /src/include/c.h
parentde85dd1d51ab7325984ef36302831ca21e3ae53e (diff)
Fix misuse of StrNCpy to copy and add null to non-null-terminated data.
Does not work since it fetches one byte beyond the source data, and when the phase of the moon is wrong, the source data is smack up against the end of backend memory and you get SIGSEGV. Don't laugh, this is a fix for an actual user bug report.
Diffstat (limited to 'src/include/c.h')
-rw-r--r--src/include/c.h20
1 files changed, 14 insertions, 6 deletions
diff --git a/src/include/c.h b/src/include/c.h
index 65ff45aa923..250a8c6db16 100644
--- a/src/include/c.h
+++ b/src/include/c.h
@@ -8,7 +8,7 @@
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: c.h,v 1.75 2000/07/06 21:33:44 petere Exp $
+ * $Id: c.h,v 1.76 2000/07/07 21:12:47 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -781,11 +781,19 @@ extern int assertTest(int val);
/*
* StrNCpy
- * Like standard library function strncpy(), except that result string
- * is guaranteed to be null-terminated --- that is, at most N-1 bytes
- * of the source string will be kept.
- * Also, the macro returns no result (too hard to do that without
- * evaluating the arguments multiple times, which seems worse).
+ * Like standard library function strncpy(), except that result string
+ * is guaranteed to be null-terminated --- that is, at most N-1 bytes
+ * of the source string will be kept.
+ * Also, the macro returns no result (too hard to do that without
+ * evaluating the arguments multiple times, which seems worse).
+ *
+ * BTW: when you need to copy a non-null-terminated string (like a text
+ * datum) and add a null, do not do it with StrNCpy(..., len+1). That
+ * might seem to work, but it fetches one byte more than there is in the
+ * text object. One fine day you'll have a SIGSEGV because there isn't
+ * another byte before the end of memory. Don't laugh, we've had real
+ * live bug reports from real live users over exactly this mistake.
+ * Do it honestly with "memcpy(dst,src,len); dst[len] = '\0';", instead.
*/
#define StrNCpy(dst,src,len) \
do \