
The attached patch changes most of the usages of sprintf() to
snprintf() in contrib/. I didn't touch the places where pointer
arithmetic was being used, or other areas where the fix wasn't
trivial. I would think that few, if any, of the usages of sprintf()
were actually exploitable, but it's probably better to be paranoid...

Neil Conway
Bruce Momjian
2002-08-15 02:58:29 +00:00
parent 7f4981f4af
commit 66eb8df6a4
15 changed files with 80 additions and 70 deletions


@@ -68,14 +68,14 @@ main(int argc, char **argv)
{
unset_result(relres);
if (strcmp(typname, "oid") == 0)
sprintf(query, "\
snprintf(query, 4000, "\
DECLARE c_matches BINARY CURSOR FOR \
SELECT count(*)::int4 \
FROM \"%s\" t1, \"%s\" t2 \
WHERE t1.\"%s\" = t2.oid ",
relname, relname2, attname);
else
sprintf(query, "\
sprintf(query, 4000, "\
DECLARE c_matches BINARY CURSOR FOR \
SELECT count(*)::int4 \
FROM \"%s\" t1, \"%s\" t2 \
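Review bot: The call in the else branch appears to have gained the size argument without the rename: as rendered it reads `sprintf(query, 4000, "\`, which puts the integer 4000 in the format-string position and leaves the write into `query` unbounded, so it should be `snprintf(query, 4000, "\` like the oid branch above it. The literal 4000 also repeats the buffer size by hand; if `query` is a local array (its declaration is outside this hunk), `sizeof(query)` would keep the bound tied to the buffer. Note too that snprintf truncates silently, so a long relname/attname would yield a cut-off statement unless the return value is compared against the buffer size before the query is used. The else-branch call continues past the end of the hunk.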