diff options
| author | Neil Conway | 2005-01-27 01:52:34 +0000 |
|---|---|---|
| committer | Neil Conway | 2005-01-27 01:52:34 +0000 |
| commit | 9eeeb9809ed1da35915b7cde0f73620f5025dd91 (patch) | |
| tree | 47999d48be30d8eec985ed6e636a4c0cdd37c0ad | |
| parent | 13fab5b3ad6a9b1de1906f3732f3b9e264dff77a (diff) | |
Backpatch fix for buffer overrun in parsing refcursor parameters to
REL7_2_STABLE.
| -rw-r--r-- | src/pl/plpgsql/src/gram.y | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y index b3a86236e5a..725f12f1d32 100644 --- a/src/pl/plpgsql/src/gram.y +++ b/src/pl/plpgsql/src/gram.y @@ -4,7 +4,7 @@ * procedural language * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.1 2002/05/21 18:50:18 tgl Exp $ + * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.2 2005/01/27 01:52:34 neilc Exp $ * * This software is copyrighted by Jan Wieck - Hamburg. * @@ -476,6 +476,10 @@ decl_cursor_arglist : decl_cursor_arg { int i = $1->nfields++; + /* Guard against overflowing the array on malicious input */ + if (i >= 1024) + yyerror("too many parameters specified for refcursor"); + $1->fieldnames[i] = $3->refname; $1->varnos[i] = $3->varno; |