upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-06-10 09:10:33 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix theoretical memory leaks in pg_locale_libc.c.

Browse source 
The leaks were hard to reach in practice and the impact was low.

The callers provide a buffer the same number of bytes as the source
string (plus one for NUL terminator) as a starting size, and libc
never increases the number of characters. But, if the byte length of
one of the converted characters is larger, then it might need a larger
destination buffer. Previously, in that case, the working buffers
would be leaked.

Even in that case, the call typically happens within a context that
will soon be reset. Regardless, it's worth fixing to avoid such
assumptions, and the fix is simple so it's worth backporting.

Discussion: https://postgr.es/m/e2b7a0a88aaadded7e2d19f42d5ab03c9e182ad8.camel@j-davis.com
Backpatch-through: 18
This commit is contained in:
Jeff Davis 2026-01-29 10:14:55 -08:00
parent ec31744071
commit de90bb7db1
1 changed files with 15 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
src/backend/utils/adt/pg_locale_libc.c
View file

@ -527,11 +527,11 @@ strlower_libc_mb(char *dest, size_t destsize, const char *src, ssize_t srclen,
result_size = wchar2char(result, workspace, max_size + 1, loc);
if (result_size + 1 > destsize)
return result_size;
memcpy(dest, result, result_size);
dest[result_size] = '\0';
if (destsize >= result_size + 1)
{
memcpy(dest, result, result_size);
dest[result_size] = '\0';
}
pfree(workspace);
pfree(result);
@ -638,11 +638,11 @@ strtitle_libc_mb(char *dest, size_t destsize, const char *src, ssize_t srclen,
result_size = wchar2char(result, workspace, max_size + 1, loc);
if (result_size + 1 > destsize)
return result_size;
memcpy(dest, result, result_size);
dest[result_size] = '\0';
if (destsize >= result_size + 1)
{
memcpy(dest, result, result_size);
dest[result_size] = '\0';
}
pfree(workspace);
pfree(result);
@ -725,11 +725,11 @@ strupper_libc_mb(char *dest, size_t destsize, const char *src, ssize_t srclen,
result_size = wchar2char(result, workspace, max_size + 1, loc);
if (result_size + 1 > destsize)
return result_size;
memcpy(dest, result, result_size);
dest[result_size] = '\0';
if (destsize >= result_size + 1)
{
memcpy(dest, result, result_size);
dest[result_size] = '\0';
}
pfree(workspace);
pfree(result);