Re: Cursor support buffer patch

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Ian Lance Taylor <ian(at)airs(dot)com>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: Cursor support buffer patch
Date: 2001-06-06 15:05:11
Message-ID: 23940.991839911@sss.pgh.pa.us
Lists: pgsql-patches

Ian Lance Taylor <ian(at)airs(dot)com> writes:
> The code assumed that there would be a '\0' in buf after storing the
> characters in new->refname, but it did nothing to ensure that.

Good catch.

> I can't convince myself that this code does not have the possibility
> of buffer overflow.

It obviously does; the fixed-size buffer should be replaced by a
PLpgSQL_dstring, probably. I don't much like the fixed-size
fieldnames[] buffers elsewhere in that file, either.

regards, tom lane
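
The replacement suggested in this message, a growable string in place of a fixed-size buffer, sketched as an added example that is not part of the original message or of PostgreSQL's source. The names `dstr`, `dstr_init` and `dstr_append` are hypothetical and do not reproduce the PLpgSQL_dstring interface; the input string is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string (illustration only, not PL/pgSQL's type). */
typedef struct { char *data; size_t len, cap; } dstr;

static int dstr_init(dstr *s)
{
    s->len = 0; s->cap = 16;
    s->data = malloc(s->cap);
    if (s->data == NULL)
        return -1;
    s->data[0] = '\0';              /* terminated from the start */
    return 0;
}

/* Append n bytes of src, growing as needed; always leaves a '\0'. */
static int dstr_append(dstr *s, const char *src, size_t n)
{
    if (n >= SIZE_MAX - s->len)     /* len + n + 1 would wrap */
        return -1;
    size_t need = s->len + n + 1;
    if (need > s->cap) {
        size_t cap = s->cap;
        while (cap < need)
            cap = (cap > SIZE_MAX / 2) ? need : cap * 2;
        char *p = realloc(s->data, cap);
        if (p == NULL)
            return -1;              /* old buffer is still valid */
        s->data = p; s->cap = cap;
    }
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';         /* terminator rewritten on every append */
    return 0;
}

int main(void)
{
    dstr name;
    const char *input = "a_cursor_reference_name_longer_than_any_fixed_buffer"; /* constructed */
    if (dstr_init(&name) != 0) return 1;
    for (const char *p = input; *p; p++)    /* one character at a time, as a scanner would */
        if (dstr_append(&name, p, 1) != 0) return 1;
    int ok = strlen(name.data) == name.len && strcmp(name.data, input) == 0;
    free(name.data);
    return ok ? 0 : 1;
}
```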
