Re: pg17.3 PQescapeIdentifier() ignores len

Em qui., 13 de fev. de 2025 às 13:51, Justin Pryzby <pryzby(at)telsasoft(dot)com>
escreveu:

> I found errors in our sql log after upgrading to 17.3.
>
> error_severity | ERROR
> message | schema
> "rptcache.44e3955c33bb79f55750897da0c5ab1fa2004af1_20250214" does not exist
> query | copy
> "rptcache.44e3955c33bb79f55750897da0c5ab1fa2004af1_20250214"."44e3955c33bb79f55750897da0c5ab1fa2004af1_20250214"
> from stdin
>
> The copy command is from pygresql's inserttable(), which does:
>
> do {
> t = strchr(s, '.');
> if (!t)
> t = s + strlen(s);
> table = PQescapeIdentifier(self->cnx, s, (size_t)(t - s));
> fprintf(stderr, "table %s len %ld => %s\n", s, t-s, table);
> if (bufpt < bufmax)
> bufpt += snprintf(bufpt, (size_t)(bufmax - bufpt), "%s",
> table);
> PQfreemem(table);
> s = t;
> if (*s && bufpt < bufmax)
> *bufpt++ = *s++;
> } while (*s);
>
> The fprintf suggests that since 5dc1e42b4 PQescapeIdentifier ignores its
> len.
>
Interesting, Coverity has some new reports regarding PQescapeIdentifier.

CID 1591290: (#1 of 1): Out-of-bounds access (OVERRUN)
2. alloc_strlen: Allocating insufficient memory for the terminating null of
the string. [Note: The source code implementation of the function has been
overridden by a builtin model.]

Until now, I was in disbelief.

best regards,
Ranier Vilela