From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Wed, 17 Nov 2004 19:54:34 +0000 (+0000)
Subject: Fix off-by-one memory allocation, as reported by Rod Taylor.  Also
X-Git-Url: http://waps.l3s.uni-hannover.de/gitweb/?a=commitdiff_plain;h=76260fdf98b0f44213956f08d8fd5134cc99e32d;p=users%2Fbernd%2Fpostgres.git

Fix off-by-one memory allocation, as reported by Rod Taylor.  Also
avoid repalloc'ing twice when once is sufficient.
---

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 9532ab65f5..e62c8cbbbd 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -179,6 +179,7 @@ next_token_expand(FILE *file)
 	char	   *comma_str = pstrdup("");
 	bool		trailing_comma;
 	char	   *incbuf;
+	int			needed;
 
 	do
 	{
@@ -200,16 +201,14 @@ next_token_expand(FILE *file)
 		else
 			incbuf = pstrdup(buf);
 
-		comma_str = repalloc(comma_str,
-							 strlen(comma_str) + strlen(incbuf) + 1);
+		needed = strlen(comma_str) + strlen(incbuf) + 1;
+		if (trailing_comma)
+			needed++;
+		comma_str = repalloc(comma_str, needed);
 		strcat(comma_str, incbuf);
-		pfree(incbuf);
-
 		if (trailing_comma)
-		{
-			comma_str = repalloc(comma_str, strlen(comma_str) + 1 + 1);
 			strcat(comma_str, MULTI_VALUE_SEP);
-		}
+		pfree(incbuf);
 	} while (trailing_comma);
 
 	return comma_str;
@@ -270,7 +269,7 @@ tokenize_inc_file(const char *inc_filename)
 		pfree(inc_fullname);
 
 		/* return empty string, it matches nothing */
-		return pstrdup("");
+		return comma_str;
 	}
 	pfree(inc_fullname);
 
@@ -278,7 +277,7 @@ tokenize_inc_file(const char *inc_filename)
 	inc_lines = tokenize_file(inc_file);
 	FreeFile(inc_file);
 
-	/* Create comma-separate string from List */
+	/* Create comma-separated string from List */
 	foreach(line, inc_lines)
 	{
 		List	   *ln = lfirst(line);
@@ -287,13 +286,15 @@ tokenize_inc_file(const char *inc_filename)
 		/* First entry is line number */
 		foreach(token, lnext(ln))
 		{
-			if (strlen(comma_str))
-			{
-				comma_str = repalloc(comma_str, strlen(comma_str) + 1);
+			int		oldlen = strlen(comma_str);
+			int		needed;
+
+			needed = oldlen + strlen(lfirst(token)) + 1;
+			if (oldlen > 0)
+				needed++;
+			comma_str = repalloc(comma_str, needed);
+			if (oldlen > 0)
 				strcat(comma_str, MULTI_VALUE_SEP);
-			}
-			comma_str = repalloc(comma_str,
-						  strlen(comma_str) + strlen(lfirst(token)) + 1);
 			strcat(comma_str, lfirst(token));
 		}
 	}