Avoid reading below the start of a stack variable in tokenize_file().

We would wrongly overwrite the prior stack byte if it happened to
contain '\n' or '\r'.  New in 9.3, so no back-patch.

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index e946a4659f29e470875f5e09bbcdff42f70b7830..91f6ced0d2f526836b15fa3bcb877a920f2f813c 100644 (file)
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -411,9 +411,9 @@ tokenize_file(const char *filename, FILE *file,
                                line_number, filename)));
 
        /* Strip trailing linebreak from rawline */
-       while (rawline[strlen(rawline) - 1] == '\n' ||
-              rawline[strlen(rawline) - 1] == '\r')
-           rawline[strlen(rawline) - 1] = '\0';
+       lineptr = rawline + strlen(rawline) - 1;
+       while (lineptr >= rawline && (*lineptr == '\n' || *lineptr == '\r'))
+           *lineptr-- = '\0';
 
        lineptr = rawline;
        while (strlen(lineptr) > 0)