Backpatch fix for buffer overrun in parsing refcursor parameters to

REL7_3_STABLE.
2025-06-03 01:21:48 +03:00 · 2005-01-27 01:44:42 +00:00 · 2005-01-27 01:44:42 +00:00 · 5036a19f68
commit 5036a19f68
parent 483fa35176
1 changed files with 5 additions and 1 deletions
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@ -4,7 +4,7 @@
 *						  procedural language
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39 2002/11/01 22:52:34 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39.2.1 2005/01/27 01:44:42 neilc Exp $
 *
 *	  This software is copyrighted by Jan Wieck - Hamburg.
 *
@ -478,6 +478,10 @@ decl_cursor_arglist : decl_cursor_arg
 					{
 						int i = $1->nfields++;

+						/* Guard against overflowing the array on malicious input */
+						if (i >= 1024)
+							yyerror("too many parameters specified for refcursor");
+
 						$1->fieldnames[i] = $3->refname;
 						$1->varnos[i] = $3->varno;