pgsql: Fix off-by-one loop count in MapArrayTypeName, and get rid of st

From: Tom Lane
Subject: pgsql: Fix off-by-one loop count in MapArrayTypeName, and get rid of st
Msg-id: E1Y0yqs-0008VE-F9@gemulon.postgresql.org
List: pgsql-committers

Fix off-by-one loop count in MapArrayTypeName, and get rid of static array.

MapArrayTypeName would copy up to NAMEDATALEN-1 bytes of the base type
name, which of course is wrong: after prepending '_' there is only room for
NAMEDATALEN-2 bytes.  Aside from being the wrong result, this case would
lead to overrunning the statically allocated work buffer.  This would be a
security bug if the function were ever used outside bootstrap mode, but it
isn't, at least not in any currently supported branches.

Aside from fixing the off-by-one loop logic, this patch gets rid of the
static work buffer by having MapArrayTypeName pstrdup its result; the sole
caller was already doing that, so this just requires moving the pstrdup
call.  This saves a few bytes but mainly it makes the API a lot cleaner.

Back-patch on the off chance that there is some third-party code using
MapArrayTypeName with less-secure input.  Pushing pstrdup into the function
should not cause any serious problems for such hypothetical code; at worst
there might be a short term memory leak.

Per Coverity scanning.

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/66709133c7e5506be19bf56a82f45dd150f74732

Modified Files
--------------
src/backend/bootstrap/bootscanner.l |    2 +-
src/backend/bootstrap/bootstrap.c   |   31 +++++++++++++------------------
src/include/bootstrap/bootstrap.h   |    2 +-
3 files changed, 15 insertions(+), 20 deletions(-)
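
The off-by-one described in the commit message above, as an added example that is not the PostgreSQL source and not part of the original message. It measures how many bytes the prepend-and-copy loop writes under the old bound (NAMEDATALEN-1) and the new one (NAMEDATALEN-2), then shows the fixed shape returning a heap copy. Assumptions: NAMEDATALEN is 64, the helper names are hypothetical, malloc stands in for pstrdup, and the measuring buffer is oversized so the old bound can be exercised without a real overrun.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAMEDATALEN 64          /* assumed: PostgreSQL's default value */

/* The copy loop the commit message describes: prepend '_' and copy at most
 * `limit` bytes of s. Returns bytes written to work, including the NUL. */
static size_t prefix_underscore(const char *s, int limit, char *work)
{
    int i, j = 1;

    work[0] = '_';
    for (i = 0; i < limit && s[i] != '\0'; i++, j++)
        work[j] = s[i];
    work[j] = '\0';
    return (size_t) j + 1;
}

/* Bytes the loop needs under a given bound. The scratch buffer is oversized
 * on purpose so the old bound can be measured without a real overrun. */
size_t bytes_written(const char *s, int limit)
{
    char scratch[NAMEDATALEN + 8];

    return prefix_underscore(s, limit, scratch);
}

/* Fixed shape: bound of NAMEDATALEN-2, result returned as a heap copy
 * (malloc stands in for pstrdup). Caller frees. */
char *map_array_type_name(const char *s)
{
    char work[NAMEDATALEN];
    size_t n = prefix_underscore(s, NAMEDATALEN - 2, work);
    char *copy = malloc(n);

    if (copy != NULL)
        memcpy(copy, work, n);
    return copy;
}

int main(void)
{
    char name[NAMEDATALEN];     /* constructed input: longest legal name */

    memset(name, 'a', NAMEDATALEN - 1);
    name[NAMEDATALEN - 1] = '\0';
    printf("old bound: %zu bytes into a %d-byte buffer\n",
           bytes_written(name, NAMEDATALEN - 1), NAMEDATALEN);
    printf("new bound: %zu bytes\n", bytes_written(name, NAMEDATALEN - 2));
    return 0;
}
```

With a base type name of NAMEDATALEN-1 characters, the old bound needs NAMEDATALEN+1 bytes, so the terminating NUL lands one byte past a NAMEDATALEN-sized buffer; the new bound fits exactly.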

