Ian Lance Taylor <ian(at)airs(dot)com> writes:
> The code assumed that there would be a '\0' in buf after storing the
> characters in new->refname, but it did nothing to ensure that.
> I can't convince myself that this code does not have the possibility
> of buffer overflow.
It obviously does; the fixed-size buffer should be replaced by a
PLpgSQL_dstring, probably. I don't much like the fixed-size
fieldnames buffers elsewhere in that file, either.
regards, tom lane
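
The replacement suggested in the reply above, sketched as an added example that is not part of the original message and is not PostgreSQL code: a growable string that rewrites its '\0' terminator on every append, so no caller has to assume one is already in the buffer. The `dstr` type, its functions and the sample names are hypothetical stand-ins for PLpgSQL_dstring and the real identifiers.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string; a stand-in, not PostgreSQL's PLpgSQL_dstring. */
typedef struct { char *data; size_t len, cap; } dstr;

/* Invariant: after a successful init, data[len] == '\0' at all times. */
static int dstr_init(dstr *d)
{
    d->len = 0;
    d->cap = 16;
    d->data = malloc(d->cap);
    if (d->data == NULL)
        return -1;
    d->data[0] = '\0';
    return 0;
}

/* Append n bytes, growing as needed; the terminator is rewritten every time. */
static int dstr_append(dstr *d, const char *src, size_t n)
{
    if (n >= (size_t)-1 - d->len)
        return -1;                          /* len + n + 1 would wrap */
    size_t need = d->len + n + 1;
    if (need > d->cap) {
        size_t ncap = d->cap;
        while (ncap < need)
            ncap = (ncap > (size_t)-1 / 2) ? need : ncap * 2;
        char *p = realloc(d->data, ncap);
        if (p == NULL)
            return -1;                      /* old buffer is still valid */
        d->data = p; d->cap = ncap;
    }
    memcpy(d->data + d->len, src, n);
    d->len += n;
    d->data[d->len] = '\0';
    return 0;
}

/* Join constructed name parts with '.'; returns the length (44 here), or -1 on failure. */
long demo_join_len(void)
{
    static const char *parts[] = { "a_rather_long_record_name", "and_its_field_name" };
    dstr d;
    if (dstr_init(&d) != 0) return -1;
    for (size_t i = 0; i < 2; i++) {
        if (i > 0 && dstr_append(&d, ".", 1) != 0) { free(d.data); return -1; }
        if (dstr_append(&d, parts[i], strlen(parts[i])) != 0) { free(d.data); return -1; }
    }
    long n = (strlen(d.data) == d.len) ? (long)d.len : -1;  /* terminator sits at len */
    free(d.data);
    return n;
}
```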