"Christopher Kings-Lynne" <chriskl@familyhealth.com.au> writes:
>> src/backend/port/dynloader/freebsd.c
> This one is perhaps dodgy. You ahve this:
> static char error_message[BUFSIZ];
> Then you have this:
> sprintf(error_message, "dlopen (%s) not supported", file);
> Where file isn't restricted in length I think...
Yeah. In practice I'm not sure there's a problem --- the callers may
all limit the filename string to MAXPGPATH, which is well below BUFSIZ.
But changing the sprintf to snprintf is a cheap, localized way to be
sure.
regards, tom lane