Re: Cursor support buffer patch - Mailing list pgsql-patches

From Tom Lane
Subject Re: Cursor support buffer patch
Msg-id 23940.991839911@sss.pgh.pa.us
In response to Cursor support buffer patch  (Ian Lance Taylor <ian@airs.com>)
List pgsql-patches
Ian Lance Taylor <ian@airs.com> writes:
> The code assumed that there would be a '\0' in buf after storing the
> characters in new->refname, but it did nothing to ensure that.

Good catch.

> I can't convince myself that this code does not have the possibility
> of buffer overflow.

It obviously does; the fixed-size buffer should be replaced by a
PLpgSQL_dstring, probably.  I don't much like the fixed-size
fieldnames[] buffers elsewhere in that file, either.

            regards, tom lane
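
The two points in the message above, as an added example that is not part of the original e-mail or of the PostgreSQL source: a fixed-size buffer that is filled without a terminator, next to a growable string that terminates on every append. The `dstr` type and all function names here are hypothetical stand-ins (not the real PLpgSQL_dstring API), and the sample names are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical growable string, standing in for something like PLpgSQL_dstring. */
typedef struct { char *data; size_t len, cap; } dstr;

/* Fragile pattern: stores the characters but never writes a terminator. */
static void copy_unterminated(char *buf, size_t bufsize, const char *src, size_t n)
{
    memcpy(buf, src, n < bufsize ? n : bufsize);  /* bounded so the demo stays defined */
}

/* Append n bytes, growing as needed; on success data is always '\0'-terminated. */
static int dstr_append(dstr *s, const char *src, size_t n)
{
    if (n >= (size_t)-1 - s->len) return -1;      /* len + n + 1 would wrap */
    size_t need = s->len + n + 1;
    if (need > s->cap) {
        char *p = realloc(s->data, need);         /* realloc(NULL, ...) acts as malloc */
        if (p == NULL) return -1;
        s->data = p; s->cap = need;
    }
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}

/* Constructed case: 8-byte buffer with stale contents; returns 1 if a '\0' is present. */
static int demo_fixed_is_terminated(void)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);                 /* whatever was there before */
    copy_unterminated(buf, sizeof buf, "refname", 7);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Returns strlen() of the stored copy, or (size_t)-1 if allocation failed. */
static size_t demo_dstr_len(const char *name)
{
    dstr s = { NULL, 0, 0 };
    size_t out = dstr_append(&s, name, strlen(name)) == 0 ? strlen(s.data) : (size_t)-1;
    free(s.data);
    return out;
}

int main(void)
{
    printf("%d %zu\n", demo_fixed_is_terminated(), demo_dstr_len("a_longer_cursor_name"));
    return 0;
}
```

The fixed buffer reports no terminator because nothing wrote one, so any later `strlen()` or `strcpy()` on it would read past the array; the growable string has no size to outgrow and no terminator to forget.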
