Silece stringop-overflow warning and protect against invalid read

gkokolatos · gkokolatos · commit 689959e20d25 · 2019-04-29T12:10:22.000Z
strncat unfortunately takes a misleading size argument which means
at most size from src. It is a bit of an antipattern in the string
family of functions and for that compilers will emit a warning if
it happens that the size argument matches the size of src, since that
is not what usually users of strncat want to do.

The usage of the function in the code was correct. However instead
of silencing the compiler, strncat was replaced with the dynamic buffer
family of operations that postgres provides for the frontend.

Also protect against an invalid read in case that the size of the
result is zero.

Reviewed-by: Asim R P &lt;apraveen@pivotal.io&gt;
Reviewed-by: Daniel Gustafsson &lt;dgustafsson@pivotal.io&gt;
diff --git a/src/bin/pg_dump/dumputils.c b/src/bin/pg_dump/dumputils.c
@@ -1529,36 +1529,35 @@ escape_fmtopts_string(const char *src)
 char *
 custom_fmtopts_string(const char *src)
 {
-	int len = src ? strlen(src) : 0;
-	char *result = calloc(1, len * 2 + 2);
-	char *srcdup = src ? strdup(src) : NULL;
-	char *srcdup_start = srcdup;
-	char *find_res = NULL;
-	int last = 0;
-
-	if (!srcdup || !result)
-	{
-		if (result)
-			free(result);
-		if (srcdup)
-			free(srcdup);
+	PQExpBufferData result;
+	char *srcdup;
+	char *to_free;
+	char *find_res;
+	char *srcdup_end;
+	int last;
+
+	if (!src)
 		return NULL;
-	}
+
+	to_free = srcdup = pg_strdup(src);
+	srcdup_end = srcdup + strlen(srcdup);
+	initPQExpBuffer(&result);
 
 	while (srcdup)
 	{
 		/* find first word (a) */
 		find_res = strchr(srcdup, ' ');
 		if (!find_res)
 			break;
-		strncat(result, srcdup, (find_res - srcdup));
+		*find_res = '\0';
+		appendPQExpBufferStr(&result, srcdup);
 		/* skip space */
 		srcdup = find_res + 1;
 		/* remove E if E' */
 		if ((strlen(srcdup) > 2) && (srcdup[0] == 'E') && (srcdup[1] == '\''))
 			srcdup++;
 		/* add " = " */
-		strncat(result, " = ", 3);
+		appendPQExpBuffer(&result, " = ");
 		/* find second word (b) until second '
 		   find \' combinations and ignore them */
 		find_res = strchr(srcdup + 1, '\'');
@@ -1568,23 +1567,25 @@ custom_fmtopts_string(const char *src)
 		}
 		if (!find_res)
 			break;
-		strncat(result, srcdup, (find_res - srcdup + 1));
-		srcdup = find_res + 1;
-		/* skip space and add ',' */
-		if (srcdup && srcdup[0] == ' ')
+		find_res++;
+		*find_res = '\0';
+		appendPQExpBufferStr(&result, srcdup);
+		srcdup = find_res;
+		/* move to the next token if exists and add ',' */
+		if (find_res < srcdup_end - 1)
 		{
-			srcdup++;
-			strncat(result, ",", 1);
+			srcdup = find_res + 1;
+			appendPQExpBuffer(&result, ",");
 		}
 	}
 
 	/* fix string - remove trailing ',' or '=' */
-	last = strlen(result) - 1;
-	if (result[last] == ',' || result[last] == '=')
-		result[last] = '\0';
+	last = strlen(result.data) - 1;
+	if (last >= 0 && (result.data[last] == ',' || result.data[last] == '='))
+		result.data[last] = '\0';
 
-	free(srcdup_start);
-	return result;
+	pg_free(to_free);
+	return result.data;
 }
 
 /*
