Fix one-byte buffer overrun in PQprintTuples().

This bug goes back to the original Postgres95 sources.  Its significance
to modern PG versions is marginal, since we have not used PQprintTuples()
internally in a very long time, and it doesn't seem to have ever been
documented either.  Still, it *is* exposed to client apps, so somebody
out there might possibly be using it.

Xi Wang

diff --git a/src/interfaces/libpq/fe-print.c b/src/interfaces/libpq/fe-print.c
index 94ef40d3bcb69810f1ca14ae3eb82c35732e06cb..585e831cdb6fbce5e40a2b1f88b97c15a7737963 100644 (file)
--- a/src/interfaces/libpq/fe-print.c
+++ b/src/interfaces/libpq/fe-print.c
@@ -681,7 +681,6 @@ PQprintTuples(const PGresult *res,
    int         i,
                j;
    char        formatString[80];
-
    char       *tborder = NULL;
 
    nFields = PQnfields(res);
@@ -700,15 +699,15 @@ PQprintTuples(const PGresult *res,
            int         width;
 
            width = nFields * 14;
-           tborder = malloc(width + 1);
+           tborder = (char *) malloc(width + 1);
            if (!tborder)
            {
                fprintf(stderr, libpq_gettext("out of memory\n"));
                abort();
            }
-           for (i = 0; i <= width; i++)
+           for (i = 0; i < width; i++)
                tborder[i] = '-';
-           tborder[i] = '\0';
+           tborder[width] = '\0';
            fprintf(fout, "%s\n", tborder);
        }