Justin Pryzby <pry...@telsasoft.com> writes:
> The fprintf suggests that since 5dc1e42b4 PQescapeIdentifier ignores its len.
Ugh, yes. Need something like the attached.
FTR, 5dc1e42b4 et al were quite subtle patches done under extreme time
pressure. I wonder if they have any other issues. More eyes on those
patches would be welcome, now that they are public.
regards, tom lane
diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c
index e97ad02542..120d4d032e 100644
--- a/src/interfaces/libpq/fe-exec.c
+++ b/src/interfaces/libpq/fe-exec.c
@@ -4224,7 +4224,7 @@ PQescapeInternal(PGconn *conn, const char *str, size_t len, bool as_ident)
char *rp;
int num_quotes = 0; /* single or double, depending on as_ident */
int num_backslashes = 0;
- size_t input_len = strlen(str);
+ size_t input_len = strnlen(str, len);
size_t result_size;
char quote_char = as_ident ? '"' : '\'';
bool validated_mb = false;
@@ -4274,7 +4274,7 @@ PQescapeInternal(PGconn *conn, const char *str, size_t len, bool as_ident)
if (!validated_mb)
{
if (pg_encoding_verifymbstr(conn->client_encoding, s, remaining)
- != strlen(s))
+ != remaining)
{
libpq_append_conn_error(conn, "invalid multibyte character");
return NULL;
