Home > mailing lists

BUG #2672: stored procedure argument and return type length validation - Mailing list pgsql-bugs

From	ragetron99
Subject	BUG #2672: stored procedure argument and return type length validation
Date	October 4, 2006 19:27:21
Msg-id	200610031839.k93Id0Ju050790@wwwmaster.postgresql.org Whole thread Raw
List	pgsql-bugs

Tree view

The following bug has been logged online:

Bug reference:      2672
Logged by:          ragetron99
Email address:      ragetron99@gmail.com
PostgreSQL version: 8.1.4
Operating system:   irrelevant
Description:        stored procedure argument and return type length
validation
Details:

PgSQL doesn't seem to perform length validation for variable-length types
used as arguments or return values in a stored procedure. The oidvector in
pg_proc used as the function signature seems to be the only type-related
specification that exists. Why are stored procedures (and whatever
functionality invokes them) expected to manually validate inputs in this
manner instead of having it automatically enforced?

$ create or replace function hello_tom_lane(varchar(3)) returns varchar(3)
as 'select $1;' language sql;
CREATE FUNCTION

$ select hello_tom_lane('hello tom lane why is this not limited to three
characters?');
                       hello_tom_lane
-------------------------------------------------------------
 hello tom lane why is this not limited to three characters?

pgsql-bugs by date:

From: "Sreeni"
Date: 04 October 2006, 19:27:17
Subject: Re: relocation error :/usr/lib/libpq.so.3 :undefined symbol krb5_cc_get_principal

From: "Bob Friesenhahn"
Date: 04 October 2006, 19:27:27
Subject: BUG #2674: libedit not detected

BUG #2672: stored procedure argument and return type length validation - Mailing list pgsql-bugs

Previous

Next