From 561ec761332b5608a894210e00d4fee1b5c6522a Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Wed, 7 Mar 2012 23:46:41 +0200 Subject: [PATCH] psql: Fix invalid memory access Due to an apparent thinko, when printing a table in expanded mode (\x), space would be allocated for 1 slot plus 1 byte per line, instead of 1 slot per line plus 1 slot for the NULL terminator. When the line count is small, reading or writing the terminator would therefore access memory beyond what was allocated. --- src/bin/psql/print.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/bin/psql/print.c b/src/bin/psql/print.c index dec440c264..594a63acfd 100644 --- a/src/bin/psql/print.c +++ b/src/bin/psql/print.c @@ -1210,8 +1210,8 @@ print_aligned_vertical(const printTableContent *cont, FILE *fout) * We now have all the information we need to setup the formatting * structures */ - dlineptr = pg_local_malloc((sizeof(*dlineptr) + 1) * dheight); - hlineptr = pg_local_malloc((sizeof(*hlineptr) + 1) * hheight); + dlineptr = pg_local_malloc((sizeof(*dlineptr)) * (dheight + 1)); + hlineptr = pg_local_malloc((sizeof(*hlineptr)) * (hheight + 1)); dlineptr->ptr = pg_local_malloc(dformatsize); hlineptr->ptr = pg_local_malloc(hformatsize);