ecpg: Fix off-by-one error in memory copying

In a rare case, one byte past the end of memory belonging to the
sqlca_t structure would be written to.

found by Coverity

diff --git a/src/interfaces/ecpg/ecpglib/misc.c b/src/interfaces/ecpg/ecpglib/misc.c
index f24478271cd618391897768eab672e653d1656cd..a4c283a274d3920b0096f8d9aadc372edc38b80f 100644 (file)
--- a/src/interfaces/ecpg/ecpglib/misc.c
+++ b/src/interfaces/ecpg/ecpglib/misc.c
@@ -525,7 +525,7 @@ ECPGset_var(int number, void *pointer, int lineno)
                struct sqlca_t *sqlca = ECPGget_sqlca();
 
                sqlca->sqlcode = ECPG_OUT_OF_MEMORY;
-               strncpy(sqlca->sqlstate, "YE001", sizeof("YE001"));
+               strncpy(sqlca->sqlstate, "YE001", sizeof(sqlca->sqlstate));
                snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), "out of memory on line %d", lineno);
                sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc);
                /* free all memory we have allocated for the user */