
Commit 25c5eca

author
anju15bharti
committed
fix crash
1 parent c013203 commit 25c5eca

2 files changed

Lines changed: 51 additions & 29 deletions


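--- a/contrib/babelfishpg_tsql/src/catalog.c
+++ b/contrib/babelfishpg_tsql/src/catalog.c
@@ -450,24 +450,63 @@ bbf_rewrite_truncated_identifiers(const char *msg)
 found = strstr(search_msg, key);
 while (found)
 {
+int prefix_len = found - search_msg;
+int orig_len = strlen(entry->original_name);
+int suffix_len = strlen(found + key_len);
+char *newmsg = MemoryContextAlloc(TopMemoryContext,
+prefix_len + orig_len + suffix_len + 1);
+char *oldresult = result;
+
+memcpy(newmsg, search_msg, prefix_len);
+memcpy(newmsg + prefix_len, entry->original_name, orig_len);
+memcpy(newmsg + prefix_len + orig_len, found + key_len, suffix_len + 1);
+
+if (oldresult)
+pfree(oldresult);
+
+result = newmsg;
+search_msg = newmsg;
+found = strstr(search_msg + prefix_len + orig_len, key);
+}
+}
+}
+
+/* Validate UTF-8 before returning — avoid crashing the TDS layer */
+if (result)
+{
+const unsigned char *p = (const unsigned char *) result;
+while (*p)
+{
+if (*p >= 0x80)
+{
+if ((*p & 0xE0) == 0xC0)
 {
-int prefix_len = found - search_msg;
-int orig_len = strlen(entry->original_name);
-int suffix_len = strlen(found + key_len);
-char *newmsg = MemoryContextAlloc(TopMemoryContext,
-prefix_len + orig_len + suffix_len + 1);
-memcpy(newmsg, search_msg, prefix_len);
-memcpy(newmsg + prefix_len, entry->original_name, orig_len);
-memcpy(newmsg + prefix_len + orig_len, found + key_len, suffix_len + 1);
-search_msg = newmsg;
-result = newmsg;
-found = strstr(search_msg + prefix_len + orig_len, key);
+if ((p[1] & 0xC0) != 0x80) goto invalid;
+p += 2;
 }
+else if ((*p & 0xF0) == 0xE0)
+{
+if ((p[1] & 0xC0) != 0x80 || (p[2] & 0xC0) != 0x80) goto invalid;
+p += 3;
+}
+else if ((*p & 0xF8) == 0xF0)
+{
+if ((p[1] & 0xC0) != 0x80 || (p[2] & 0xC0) != 0x80 || (p[3] & 0xC0) != 0x80) goto invalid;
+p += 4;
+}
+else
+goto invalid;
 }
+else
+p++;
 }
 }
 
 return result;
+
+invalid:
+pfree(result);
+return NULL;
 }
 
 PG_FUNCTION_INFO_V1(init_catalog);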
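Review bot: The hand-written UTF-8 check added before `return result` accepts byte sequences that are structurally well-formed but not legal UTF-8: overlong forms (lead bytes 0xC0/0xC1, 0xE0 followed by 0x80–0x9F, 0xF0 followed by 0x80–0x8F), surrogates (0xED followed by 0xA0–0xBF) and values above U+10FFFF (lead bytes 0xF5–0xF7, or 0xF4 followed by 0x90 and up). If the purpose is to keep malformed text away from the TDS layer, as the added comment says, those sequences still get through. PostgreSQL's own verifier rejects them, so the block could shrink to `if (result && !pg_verify_mbstr(PG_UTF8, result, strlen(result), true)) { pfree(result); return NULL; }`, which also removes the `goto`. The check assumes the message is UTF-8; whether that holds for every server encoding is not visible here, and neither is what the caller does with the NULL return, because bbf_rewrite_truncated_identifiers starts outside the hunk.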

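--- a/contrib/babelfishpg_tsql/src/pl_handler.c
+++ b/contrib/babelfishpg_tsql/src/pl_handler.c
@@ -8726,35 +8726,18 @@ void pltsql_bbfSelectIntoUtility(ParseState *pstate, PlannedStmt *pstmt, const c
 */
 Query *query = castNode(Query, ((CreateTableAsStmt *)parsetree)->query);
 ListCell *tlc;
-List *saved_resnames = NIL;
 
 foreach(tlc, query->targetList)
 {
 TargetEntry *tle = (TargetEntry *) lfirst(tlc);
-saved_resnames = lappend(saved_resnames, tle->resname);
 if (tle->resname && strlen(tle->resname) >= NAMEDATALEN)
 {
 tle->resname = pstrdup(tle->resname);
 truncate_identifier(tle->resname, strlen(tle->resname), false);
 }
 }
 
-PG_TRY();
-{
-*address = ExecCreateTableAs(pstate, (CreateTableAsStmt *)parsetree, params, queryEnv, qc);
-}
-PG_FINALLY();
-{
-/* Restore original resnames to prevent UTF8 corruption in TDS response */
-ListCell *slc = list_head(saved_resnames);
-foreach(tlc, query->targetList)
-{
-TargetEntry *tle = (TargetEntry *) lfirst(tlc);
-tle->resname = (char *) lfirst(slc);
-slc = lnext(saved_resnames, slc);
-}
-}
-PG_END_TRY();
+*address = ExecCreateTableAs(pstate, (CreateTableAsStmt *)parsetree, params, queryEnv, qc);
 }
 else
 {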
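Review bot: With the PG_FINALLY restore removed, the `tle->resname = pstrdup(tle->resname)` / `truncate_identifier(...)` rewrite in the `foreach` loop becomes a permanent change to `query->targetList`, and nothing in the new code says why that is safe. The deleted comment tied the restore to UTF-8 corruption in the TDS response, so a reader cannot tell whether that case is now handled elsewhere (presumably by the validation added in catalog.c) or simply dropped. A comment above the `ExecCreateTableAs` call would record it, e.g. `/* resnames stay truncated after this call; <reason the original names are no longer needed for the TDS response> */`, and a regression test using a multibyte column alias of at least NAMEDATALEN bytes would pin the behaviour. pltsql_bbfSelectIntoUtility starts and ends outside the hunk.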
