From 81dfa2ce4328c44201a70a9dc3517bd356698069 Mon Sep 17 00:00:00 2001
From: Bruce Momjian
Date: Wed, 28 Aug 2002 20:46:24 +0000
Subject: backend where a statically sized buffer is written to. Most of these
 should be pretty safe in practice, but it's probably better to be safe than
 sorry.

I was actually looking for cases where NAMEDATALEN is assumed to be
32, but only found one. That's fixed too, as well as a few bits of
code cleanup.

Neil Conway
---
 src/pl/plpgsql/src/gram.y    | 6 +++---
 src/pl/plpgsql/src/pl_comp.c | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/pl')

diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y
index 0a181cd07e2..75d0a0b07a2 100644
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@@ -4,7 +4,7 @@
  *						  procedural language
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.34 2002/08/08 01:36:04 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.35 2002/08/28 20:46:24 momjian Exp $
  *
  *	  This software is copyrighted by Jan Wieck - Hamburg.
  *
@@ -1594,7 +1594,7 @@ read_sql_construct(int until,
 		{
 			case T_VARIABLE:
 				params[nparams] = yylval.variable->dno;
-				sprintf(buf, " $%d ", ++nparams);
+				snprintf(buf, sizeof(buf), " $%d ", ++nparams);
 				plpgsql_dstring_append(&ds, buf);
 				break;
 
@@ -1791,7 +1791,7 @@ make_select_stmt(void)
 		{
 			case T_VARIABLE:
 				params[nparams] = yylval.variable->dno;
-				sprintf(buf, " $%d ", ++nparams);
+				snprintf(buf, sizeof(buf), " $%d ", ++nparams);
 				plpgsql_dstring_append(&ds, buf);
 				break;
 
diff --git a/src/pl/plpgsql/src/pl_comp.c b/src/pl/plpgsql/src/pl_comp.c
index c85207780f1..70f1de470c9 100644
--- a/src/pl/plpgsql/src/pl_comp.c
+++ b/src/pl/plpgsql/src/pl_comp.c
@@ -3,7 +3,7 @@
  *			  procedural language
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.47 2002/08/22 00:01:50 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.48 2002/08/28 20:46:24 momjian Exp $
  *
  *	  This software is copyrighted by Jan Wieck - Hamburg.
  *
@@ -249,7 +249,7 @@ plpgsql_compile(Oid fn_oid, int functype)
 			{
 				char		buf[32];
 
-				sprintf(buf, "$%d", i + 1);	/* name for variable */
+				snprintf(buf, sizeof(buf), "$%d", i + 1);	/* name for variable */
 
 				/*
 				 * Get the parameters type
-- 
cgit v1.2.3