[postgis-devel] Slight bug in shp2pgsql

Gino Lucrezi gino-postgisdevel at lucrezi.net
Thu Apr 14 05:40:04 PDT 2005


I was converting a shape file with a strange text attribute, and it resulted in invalid SQL

I investigated, and found two small issues in shp2pgsql.c 

The problem happens if a string starts with a single quote and has no other quotes in it. It's a very strange case, but it is perfectly legal.

In this case, shp2pgsql won't escape this lonely quote, due to a slight mistake in a while loop, which essentially starts at the second character of the string.

Moreover, if there are further quotes in the string, it might overrun its buffer (by just one byte, so it's probably not going to make a mess, but...)

In the process, I discovered that there was similar (incorrect) code in a procedure to escape tabs.

This is the kind of (wrong) SQL code which would be generated:

INSERT INTO "prova" (gid,"nome","the_geom") VALUES ('0',''abc','0101000000D006DCDD5E534241501CB678F4E95141');

Obviously, it should have been:
INSERT INTO "prova" (gid,"nome","the_geom") VALUES ('0','\'abc','0101000000D006DCDD5E534241501CB678F4E95141');

I'm enclosing the shape file I used for my tests, even though it's trivial.

Here is the diff in the code:

--- loader/shp2pgsql.c.org      2005-04-14 13:59:48.934223144 +0200
+++ loader/shp2pgsql.c  2005-04-14 14:38:33.000000000 +0200
@@ -165,8 +165,9 @@
 
        ptr = str;
 
-       while (*ptr++) {
+       while (*ptr) {
                if ( *ptr == '\t' || *ptr == '\\' ) toescape++;
+               ptr++;
        }
 
        if (toescape == 0) return str;
@@ -217,8 +218,9 @@
 
        ptr = str;
 
-       while (*ptr++) {
+       while (*ptr) {
                if ( *ptr == '\'' || *ptr == '\\' ) toescape++;
+               ptr++;
        }
 
        if (toescape == 0) return str;



This shouldn't trigger a new RC, obviously...

Gino Lucrezi
Penta Consulting Services Srl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: TestShape.zip
Type: application/octet-stream
Size: 428 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/postgis-devel/attachments/20050414/c4a724b2/attachment.obj>


More information about the postgis-devel mailing list