From 251033186ff575cf130ec53daa996749022fbad3 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Fri, 3 Oct 2003 18:26:14 +0000
Subject: [PATCH] Cause PQescapeString to stop processing at a null character, rather than generating an invalid output string. Per observation and patch from Igor Shevchenko. Further code cleanup and documentation by Tom Lane.
---
 doc/src/sgml/libpq.sgml | 13 +++++++----
 src/interfaces/libpq/fe-exec.c | 42 +++++++++++++++++-----------------
 2 files changed, 29 insertions(+), 26 deletions(-)
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index cd2a8f491f..37e1fffb5f 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,5 +1,5 @@
@@ -1972,10 +1972,13 @@ size_t PQescapeString (char *to, const char *from, size_t length); The parameter from points to the first character of the string
-that
-is to be escaped, and the length parameter gives the
-number of characters in this string. (A terminating zero byte is
-neither necessary nor counted.) to shall point to a
+that is to be escaped, and the length parameter gives the
+number of characters in this string. A terminating zero byte is not
+required, and should not be counted in length. (If
+a terminating zero byte is found before length bytes are
+processed, PQescapeString stops at the zero; the behavior
+is thus rather like strncpy.)
+to shall point to a
 buffer that is able to hold at least one more character than twice the value of length, otherwise the behavior is undefined. A call to PQescapeString writes an escaped
diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c
index 6f23fde1e4..6d159a9a35 100644
--- a/src/interfaces/libpq/fe-exec.c
+++ b/src/interfaces/libpq/fe-exec.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.149 2003/10/02 14:47:44 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.150 2003/10/03 18:26:14 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -2143,47 +2143,47 @@ PQfreeNotify(PGnotify *notify)
 }
-/* ---------------
- * Escaping arbitrary strings to get valid SQL strings/identifiers.
+/*
+ * Escaping arbitrary strings to get valid SQL literal strings.
 *
 * Replaces "\\" with "\\\\" and "'" with "''".
- * length is the length of the buffer pointed to by
- * from. The buffer at to must be at least 2*length + 1 characters
- * long. A terminating NUL character is written.
- * ---------------
+ *
+ * length is the length of the source string. (Note: if a terminating NUL
+ * is encountered sooner, PQescapeString stops short of "length"; the behavior
+ * is thus rather like strncpy.)
+ *
+ * For safety the buffer at "to" must be at least 2*length + 1 bytes long.
+ * A terminating NUL character is added to the output string, whether the
+ * input is NUL-terminated or not.
+ *
+ * Returns the actual length of the output (not counting the terminating NUL).
 */
-
 size_t
 PQescapeString(char *to, const char *from, size_t length)
 {
 const char *source = from;
 char *target = to;
- unsigned int remaining = length;
+ size_t remaining = length;
- while (remaining > 0)
+ while (remaining > 0 && *source != '\0')
 {
 switch (*source)
 {
 case '\\':
- *target = '\\';
- target++;
- *target = '\\';
- /* target and remaining are updated below. */
+ *target++ = '\\';
+ *target++ = '\\';
 break;
 case '\'':
- *target = '\'';
- target++;
- *target = '\'';
- /* target and remaining are updated below. */
+ *target++ = '\'';
+ *target++ = '\'';
 break;
 default:
- *target = *source;
- /* target and remaining are updated below. */
+ *target++ = *source;
+ break;
 }
 source++;
- target++;
 remaining--;
 }
--
GitLab
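Review bot: The new `*source != '\0'` stop in the `while` condition truncates silently: the return value is only the output length, so a caller that passes a counted buffer containing an embedded NUL cannot tell that the tail was dropped, and any validation it ran over the full `length` bytes no longer describes what ends up in the SQL text. The header comment should say this outright and steer binary data elsewhere, for example ` * Bytes after an embedded NUL are silently discarded; use PQescapeBytea for binary data.` The `switch (*source)` loop also inspects one byte at a time, so the comment should state that the result is only safe for client encodings in which the backslash and quote bytes never occur inside a multibyte character. The body of PQescapeString continues past the end of this hunk, so the terminator write and the return are not visible here.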