Re: beta6 pg_restore core dumps
From | Tom Lane |
---|---|
Subject | Re: beta6 pg_restore core dumps |
Date | |
Msg-id | 1449.984850280@sss.pgh.pa.us |
In response to | Re: beta6 pg_restore core dumps (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: beta6 pg_restore core dumps (Tatsuo Ishii <t-ishii@sra.co.jp>); Re: beta6 pg_restore core dumps (Philip Warner <pjw@rhyme.com.au>); Re: beta6 pg_restore core dumps (Martin Renters <martin@datafax.com>) |
List | pgsql-hackers |
After looking more closely I see that pg_restore has two different buffer overrun conditions in this one routine. Attached is take two of my patch. This would be a lot simpler and cleaner if _PrintData() simply didn't append a zero byte to the buffer contents. Philip, is it actually necessary for it to do that? regards, tom lane *** pg_backup_custom.c.orig Fri Feb 9 17:32:26 2001 --- pg_backup_custom.c Sat Mar 17 12:25:17 2001 *************** *** 150,156 **** if (ctx->zp == NULL) die_horribly(AH, "%s: unable to allocate zlib stream archive context",progname); ! ctx->zlibOut = (char*)malloc(zlibOutSize); ctx->zlibIn = (char*)malloc(zlibInSize); ctx->inSize = zlibInSize; ctx->filePos = 0; --- 150,163 ---- if (ctx->zp == NULL) die_horribly(AH, "%s: unable to allocate zlib stream archive context",progname); ! /* ! * zlibOutSize is the buffer size we tell zlib it can output to. We ! * actually allocate one extra byte because some routines want to append ! * a trailing zero byte to the zlib output. The input buffer is expansible ! * and is always of size ctx->inSize; zlibInSize is just the initial ! * default size for it. ! */ ! ctx->zlibOut = (char*)malloc(zlibOutSize+1); ctx->zlibIn = (char*)malloc(zlibInSize); ctx->inSize = zlibInSize; ctx->filePos = 0; *************** *** 518,531 **** blkLen = ReadInt(AH); while (blkLen != 0) { ! if (blkLen > (ctx->inSize - 1)) { free(ctx->zlibIn); ctx->zlibIn = NULL; ! ctx->zlibIn = (char*)malloc(blkLen); if (!ctx->zlibIn) die_horribly(AH, "%s: failedto allocate decompression buffer\n", progname); ! ctx->inSize = blkLen; in = ctx->zlibIn; } --- 525,538 ---- blkLen = ReadInt(AH); while (blkLen != 0) { ! if (blkLen+1 > ctx->inSize) { free(ctx->zlibIn); ctx->zlibIn = NULL; ! ctx->zlibIn = (char*)malloc(blkLen+1); if (!ctx->zlibIn) die_horribly(AH, "%s:failed to allocate decompression buffer\n", progname); ! ctx->inSize = blkLen+1; in = ctx->zlibIn; }
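Review bot: In the first hunk (around line 150), the new comment justifies the extra byte only for zlibOut, yet the second hunk also reserves one byte in the input buffer (`blkLen+1 > ctx->inSize`), while zlibIn is still allocated as plain `malloc(zlibInSize)`. Please extend the comment to state that the last byte of zlibIn is reserved as well, so the rule that a block may occupy at most inSize - 1 bytes is written down in one place. Separately, in the lines shown neither malloc result is tested before ctx->inSize and ctx->filePos are set; if no check follows below the visible context, add one in the style of the ctx->zp test just above.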
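Review bot: In the second hunk (around line 518), blkLen comes straight from ReadInt(AH) and is only compared against 0 before `blkLen+1` is used for both the size test and `malloc(blkLen+1)`. The value is taken from the archive being restored, so it should be validated before that arithmetic: assuming blkLen is a signed int, a negative length would pass `blkLen+1 > ctx->inSize` as false and skip the reallocation, and the largest positive value would overflow on the +1. Suggest a range check on blkLen (negative or implausibly large) that calls die_horribly, placed ahead of the size comparison.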