mirror of
https://github.com/postgres/postgres.git
synced 2025-08-31 17:02:12 +03:00
a05bb9addb
intoasc(), a wrapper for PGTYPESinterval_to_asc that converts an interval to its textual representation, used a plain memcpy() when copying its result. This could miss a zero-termination in the result string, leading to an incorrect result. The routines in informix.c do not provide the length of their result buffer, which would allow a replacement of strcpy() to safer strlcpy() calls, but this requires an ABI breakage and that cannot happen in back-branches. Author: Oleg Tselebrovskiy Reviewed-by: Ashutosh Bapat Discussion: https://postgr.es/m/bf47888585149f83b276861a1662f7e4@postgrespro.ru Backpatch-through: 12
src/interfaces/ecpg/README.dynSQL
descriptor statements have the following shortcomings
- input descriptors (USING DESCRIPTOR <name>) are not supported
Reason: to fully support dynamic SQL the frontend/backend communication
should change to recognize input parameters.
Since this is not likely to happen in the near future and you
can cover the same functionality with the existing infrastructure
(using s[n]printf), I'll leave the work to someone else.