backend where a statically sized buffer is written to. Most of these

should be pretty safe in practice, but it's probably better to be safe than sorry. I was actually looking for cases where NAMEDATALEN is assumed to be 32, but only found one. That's fixed too, as well as a few bits of code cleanup. Neil Conway
2025-04-22 23:02:54 +03:00 · 2002-08-28 20:46:24 +00:00 · 2002-08-28 20:46:24 +00:00 · 81dfa2ce43
commit 81dfa2ce43
parent f5fea0808f
13 changed files with 33 additions and 37 deletions
--- a/src/backend/executor/execMain.c
+++ b/src/backend/executor/execMain.c
@ -27,7 +27,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.174 2002/08/15 16:36:02 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.175 2002/08/28 20:46:22 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -545,7 +545,7 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
 			erm = (execRowMark *) palloc(sizeof(execRowMark));
 			erm->relation = relation;
 			erm->rti = rti;
-			sprintf(erm->resname, "ctid%u", rti);
+			snprintf(erm->resname, 32, "ctid%u", rti);
 			estate->es_rowMark = lappend(estate->es_rowMark, erm);
 		}
 	}
--- a/src/backend/optimizer/plan/planner.c
+++ b/src/backend/optimizer/plan/planner.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/optimizer/plan/planner.c,v 1.122 2002/06/20 20:29:31 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/optimizer/plan/planner.c,v 1.123 2002/08/28 20:46:23 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -961,7 +961,7 @@ grouping_planner(Query *parse, double tuple_fraction)
 				TargetEntry *ctid;
 				resname = (char *) palloc(32);
-				sprintf(resname, "ctid%u", rti);
+				snprintf(resname, 32, "ctid%u", rti);
 				resdom = makeResdom(length(tlist) + 1,
 									TIDOID,
 									-1,
--- a/src/backend/parser/analyze.c
+++ b/src/backend/parser/analyze.c
@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- *	$Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.244 2002/08/27 04:55:07 tgl Exp $
+ *	$Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.245 2002/08/28 20:46:23 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -2157,7 +2157,7 @@ transformSetOperationTree(ParseState *pstate, SelectStmt *stmt)
 		/*
 		 * Make the leaf query be a subquery in the top-level rangetable.
 		 */
-		sprintf(selectName, "*SELECT* %d", length(pstate->p_rtable) + 1);
+		snprintf(selectName, 32, "*SELECT* %d", length(pstate->p_rtable) + 1);
 		rte = addRangeTableEntryForSubquery(pstate,
 											selectQuery,
 											makeAlias(selectName, NIL),
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.362 2002/08/28 14:35:37 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.363 2002/08/28 20:46:23 momjian Exp $
 *
 * HISTORY
 *	  AUTHOR			DATE			MAJOR EVENT
@ -2096,7 +2096,7 @@ TriggerFuncArg:
 			ICONST
 				{
 					char buf[64];
-					sprintf (buf, "%d", $1);
+					snprintf (buf, sizeof(buf), "%d", $1);
 					$$ = makeString(pstrdup(buf));
 				}
 			| FCONST								{ $$ = makeString($1); }
--- a/src/backend/utils/adt/mac.c
+++ b/src/backend/utils/adt/mac.c
@ -1,7 +1,7 @@
 /*
 *	PostgreSQL type definitions for MAC addresses.
 *
- *	$Header: /cvsroot/pgsql/src/backend/utils/adt/mac.c,v 1.24 2002/06/17 07:00:26 momjian Exp $
+ *	$Header: /cvsroot/pgsql/src/backend/utils/adt/mac.c,v 1.25 2002/08/28 20:46:24 momjian Exp $
 */
 #include "postgres.h"
@ -80,7 +80,7 @@ macaddr_out(PG_FUNCTION_ARGS)
 	result = (char *) palloc(32);
-	sprintf(result, "%02x:%02x:%02x:%02x:%02x:%02x",
+	snprintf(result, 32, "%02x:%02x:%02x:%02x:%02x:%02x",
 			addr->a, addr->b, addr->c, addr->d, addr->e, addr->f);
 	PG_RETURN_CSTRING(result);
--- a/src/backend/utils/adt/tid.c
+++ b/src/backend/utils/adt/tid.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/tid.c,v 1.33 2002/08/15 16:36:05 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/tid.c,v 1.34 2002/08/28 20:46:24 momjian Exp $
 *
 * NOTES
 *	  input routine largely stolen from boxin().
@ -101,7 +101,7 @@ tidout(PG_FUNCTION_ARGS)
 	blockNumber = BlockIdGetBlockNumber(blockId);
 	offsetNumber = itemPtr->ip_posid;
-	sprintf(buf, "(%u,%u)", blockNumber, offsetNumber);
+	snprintf(buf, sizeof(buf), "(%u,%u)", blockNumber, offsetNumber);
 	PG_RETURN_CSTRING(pstrdup(buf));
 }
--- a/src/backend/utils/adt/varlena.c
+++ b/src/backend/utils/adt/varlena.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.88 2002/08/22 03:24:00 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/adt/varlena.c,v 1.89 2002/08/28 20:46:24 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -1787,12 +1787,11 @@ to_hex32(PG_FUNCTION_ARGS)
 {
 	static char		digits[] = "0123456789abcdef";
 	char			buf[32];	/* bigger than needed, but reasonable */
-	char		   *ptr,
+	char		   *ptr;
 				   *end;
 	text		   *result_text;
 	int32			value = PG_GETARG_INT32(0);
-	end = ptr = buf + sizeof(buf) - 1;
+	ptr = buf + sizeof(buf) - 1;
 	*ptr = '\0';
 	do
@ -1814,12 +1813,11 @@ to_hex64(PG_FUNCTION_ARGS)
 {
 	static char		digits[] = "0123456789abcdef";
 	char			buf[32];	/* bigger than needed, but reasonable */
-	char			*ptr,
+	char			*ptr;
 					*end;
 	text			*result_text;
 	int64			value = PG_GETARG_INT64(0);
-	end = ptr = buf + sizeof(buf) - 1;
+	ptr = buf + sizeof(buf) - 1;
 	*ptr = '\0';
 	do
--- a/src/bin/pg_dump/pg_backup_tar.c
+++ b/src/bin/pg_dump/pg_backup_tar.c
@ -16,7 +16,7 @@
 *
 *
 * IDENTIFICATION
- *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_tar.c,v 1.25 2002/08/20 17:54:44 petere Exp $
+ *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_tar.c,v 1.26 2002/08/28 20:46:24 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -1189,12 +1189,10 @@ static void
 _tarWriteHeader(TAR_MEMBER *th)
 {
 	char		h[512];
 	int			i;
 	int			lastSum = 0;
 	int			sum;
-	for (i = 0; i < 512; i++)
+	memset(h, 0, sizeof(h));
 		h[i] = '\0';
 	/* Name 100 */
 	sprintf(&h[0], "%.99s", th->targetFile);
--- a/src/bin/pg_dump/pg_backup_tar.h
+++ b/src/bin/pg_dump/pg_backup_tar.h
@ -1,10 +1,10 @@
 /*
- * $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_tar.h,v 1.3 2001/03/22 04:00:14 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_tar.h,v 1.4 2002/08/28 20:46:24 momjian Exp $
 *
 * TAR Header
 *
 * Offset	Length	 Contents
- *	 0	  100 bytes  File name ('\0' terminated, 99 maxmum length)
+ *	 0	  100 bytes  File name ('\0' terminated, 99 maximum length)
 * 100		8 bytes  File mode (in octal ascii)
 * 108		8 bytes  User ID (in octal ascii)
 * 116		8 bytes  Group ID (in octal ascii)
@ -12,10 +12,10 @@
 * 136	   12 bytes  Modify time (in octal ascii)
 * 148		8 bytes  Header checksum (in octal ascii)
 * 156		1 bytes  Link flag
- * 157	  100 bytes  Linkname ('\0' terminated, 99 maxmum length)
+ * 157	  100 bytes  Linkname ('\0' terminated, 99 maximum length)
 * 257		8 bytes  Magic ("ustar  \0")
- * 265	   32 bytes  User name ('\0' terminated, 31 maxmum length)
+ * 265	   32 bytes  User name ('\0' terminated, 31 maximum length)
- * 297	   32 bytes  Group name ('\0' terminated, 31 maxmum length)
+ * 297	   32 bytes  Group name ('\0' terminated, 31 maximum length)
 * 329		8 bytes  Major device ID (in octal ascii)
 * 337		8 bytes  Minor device ID (in octal ascii)
 * 345	  167 bytes  Padding
--- a/src/bin/psql/print.c
+++ b/src/bin/psql/print.c
@ -3,7 +3,7 @@
 *
 * Copyright 2000 by PostgreSQL Global Development Group
 *
- * $Header: /cvsroot/pgsql/src/bin/psql/print.c,v 1.29 2002/08/27 20:16:48 petere Exp $
+ * $Header: /cvsroot/pgsql/src/bin/psql/print.c,v 1.30 2002/08/28 20:46:24 momjian Exp $
 */
 #include "postgres_fe.h"
 #include "print.h"
@ -494,9 +494,9 @@ print_aligned_vertical(const char *title, const char *const * headers,
 				}
 				if (opt_border == 0)
-					sprintf(record_str, "* Record %d", record++);
+					snprintf(record_str, 32, "* Record %d", record++);
 				else
-					sprintf(record_str, "[ RECORD %d ]", record++);
+					snprintf(record_str, 32, "[ RECORD %d ]", record++);
 				record_str_len = strlen(record_str);
 				if (record_str_len + opt_border > strlen(divider))
--- a/src/interfaces/cli/example2.c
+++ b/src/interfaces/cli/example2.c
@ -56,7 +56,7 @@ example2(SQLCHAR *server, SQLCHAR *uid, SQLCHAR *authen, SQLCHAR *sqlstr)
 	SQLHDBC		hdbc;
 	SQLHSTMT	hstmt;
 	SQLCHAR		errmsg[256];
-	SQLCHAR		colname[32];
+	SQLCHAR		colname[64];
 	SQLSMALLINT coltype;
 	SQLSMALLINT colnamelen;
 	SQLSMALLINT nullable;
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@ -4,7 +4,7 @@
 *						  procedural language
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.34 2002/08/08 01:36:04 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.35 2002/08/28 20:46:24 momjian Exp $
 *
 *	  This software is copyrighted by Jan Wieck - Hamburg.
 *
@ -1594,7 +1594,7 @@ read_sql_construct(int until,
 		{
 			case T_VARIABLE:
 				params[nparams] = yylval.variable->dno;
-				sprintf(buf, " $%d ", ++nparams);
+				snprintf(buf, sizeof(buf), " $%d ", ++nparams);
 				plpgsql_dstring_append(&ds, buf);
 				break;
@ -1791,7 +1791,7 @@ make_select_stmt(void)
 		{
 			case T_VARIABLE:
 				params[nparams] = yylval.variable->dno;
-				sprintf(buf, " $%d ", ++nparams);
+				snprintf(buf, sizeof(buf), " $%d ", ++nparams);
 				plpgsql_dstring_append(&ds, buf);
 				break;
--- a/src/pl/plpgsql/src/pl_comp.c
+++ b/src/pl/plpgsql/src/pl_comp.c
@ -3,7 +3,7 @@
 *			  procedural language
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.47 2002/08/22 00:01:50 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/pl/plpgsql/src/pl_comp.c,v 1.48 2002/08/28 20:46:24 momjian Exp $
 *
 *	  This software is copyrighted by Jan Wieck - Hamburg.
 *
@ -249,7 +249,7 @@ plpgsql_compile(Oid fn_oid, int functype)
 			{
 				char		buf[32];
-				sprintf(buf, "$%d", i + 1);	/* name for variable */
+				snprintf(buf, sizeof(buf), "$%d", i + 1);	/* name for variable */
 				/*
 				 * Get the parameters type