| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Ian Lance Taylor <ian(at)airs(dot)com> |
| Cc: | pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Cursor support buffer patch |
| Date: | 2001-06-06 15:05:11 |
| Message-ID: | 23940.991839911@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Ian Lance Taylor <ian(at)airs(dot)com> writes:
> The code assumed that there would be a '\0' in buf after storing the
> characters in new->refname, but it did nothing to ensure that.
Good catch.
> I can't convince myself that this code does not have the possibility
> of buffer overflow.
It obviously does; the fixed-size buffer should be replaced by a
PLpgSQL_dstring, probably. I don't much like the fixed-size
fieldnames[] buffers elsewhere in that file, either.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jason Tishler | 2001-06-06 16:02:05 | YA readline 4.2 patch |
| Previous Message | Ian Lance Taylor | 2001-06-06 07:02:11 | Patch for cursors with multiple parameters |