Make replace(), split_part(), and string_to_array() behave somewhat sanely

tglsfdc · tglsfdc · commit c556447c70c9 · 2007-07-19T20:34:54.000Z
when handed an invalidly-encoded pattern.  The previous coding could get
into an infinite loop if pg_mb2wchar_with_len() returned a zero-length
string after we'd tested for nonempty pattern; which is exactly what it
will do if the string consists only of an incomplete multibyte character.
This led to either an out-of-memory error or a backend crash depending
on platform.  Per report from Wiktor Wodecki.
diff --git a/src/backend/utils/adt/varlena.c b/src/backend/utils/adt/varlena.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.92.2.5 2006/05/21 20:07:11 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.92.2.6 2007/07/19 20:34:54 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -698,20 +698,23 @@ text_position(Datum str, Datum search_str, int matchnum)
 		(void) pg_mb2wchar_with_len((unsigned char *) VARDATA(t2), p2, len2);
 		len2 = pg_wchar_strlen(p2);
 
-		/* no use in searching str past point where search_str will fit */
-		px = (len1 - len2);
-
-		for (p = 0; p <= px; p++)
+		if (len1 > 0 && len2 > 0)
 		{
-			if ((*p2 == *p1) && (pg_wchar_strncmp(p1, p2, len2) == 0))
+			/* no use in searching str past point where search_str will fit */
+			px = (len1 - len2);
+
+			for (p = 0; p <= px; p++)
 			{
-				if (++match == matchnum)
+				if ((*p2 == *p1) && (pg_wchar_strncmp(p1, p2, len2) == 0))
 				{
-					pos = p + 1;
-					break;
+					if (++match == matchnum)
+					{
+						pos = p + 1;
+						break;
+					}
 				}
+				p1++;
 			}
-			p1++;
 		}
 
 		pfree(ps1);

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.92.2.5 2006/05/21 20:07:11 tgl Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.92.2.6 2007/07/19 20:34:54 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -698,20 +698,23 @@ text_position(Datum str, Datum search_str, int matchnum)`
`698`	`698`	`(void) pg_mb2wchar_with_len((unsigned char *) VARDATA(t2), p2, len2);`
`699`	`699`	`len2 = pg_wchar_strlen(p2);`
`700`	`700`
`701`		`- /* no use in searching str past point where search_str will fit */`
`702`		`- px = (len1 - len2);`
`703`		`-`
`704`		`- for (p = 0; p <= px; p++)`
	`701`	`+ if (len1 > 0 && len2 > 0)`
`705`	`702`	`{`
`706`		`- if ((p2 == p1) && (pg_wchar_strncmp(p1, p2, len2) == 0))`
	`703`	`+ /* no use in searching str past point where search_str will fit */`
	`704`	`+ px = (len1 - len2);`
	`705`	`+`
	`706`	`+ for (p = 0; p <= px; p++)`
`707`	`707`	`{`
`708`		`- if (++match == matchnum)`
	`708`	`+ if ((p2 == p1) && (pg_wchar_strncmp(p1, p2, len2) == 0))`
`709`	`709`	`{`
`710`		`- pos = p + 1;`
`711`		`- break;`
	`710`	`+ if (++match == matchnum)`
	`711`	`+ {`
	`712`	`+ pos = p + 1;`
	`713`	`+ break;`
	`714`	`+ }`
`712`	`715`	`}`
	`716`	`+ p1++;`
`713`	`717`	`}`
`714`		`- p1++;`
`715`	`718`	`}`
`716`	`719`
`717`	`720`	`pfree(ps1);`