Home > mailing lists

Re: contrib/ buffer paranoia - Mailing list pgsql-patches

From	Alvaro Herrera
Subject	Re: contrib/ buffer paranoia
Date	August 12, 2002 17:33:48
Msg-id	Pine.LNX.4.44.0208121431510.6581-100000@cm-lcon1-46-187.cm.vtr.net Whole thread Raw
In response to	contrib/ buffer paranoia (Neil Conway <nconway@klamath.dyndns.org>)
Responses	Re: contrib/ buffer paranoia
List	pgsql-patches

Tree view

Neil Conway dijo:

> The attached patch changes most of the usages of sprintf() to
> snprintf() in contrib/. I didn't touch the places where pointer
> arithmatic was being used, or other areas where the fix wasn't
> trivial. I would think that few, if any, of the usages of sprintf()
> were actually exploitable, but it's probably better to be paranoid...
>
> Unless anyone sees a problem, please apply.

I think in dbase/dbf2pg.c the limit of 10 to pgdate should be 11
(snprintf counts the \0 at the end).

--
Alvaro Herrera (<alvherre[a]atentus.com>)
"Coge la flor que hoy nace alegre, ufana. Quién sabe si nacera otra mañana?"

pgsql-patches by date:

From: "Ulrich Neumann"
Date: 12 August 2002, 16:10:55
Subject: Re: Antw: Re: Patch for NetWare support

From: Neil Conway
Date: 12 August 2002, 17:51:39
Subject: Re: contrib/ buffer paranoia

Re: contrib/ buffer paranoia - Mailing list pgsql-patches

Previous

Next