Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit46ace73

Browse files
committed
Back-patch Neil's four additional buffer overrun checks.
1 parentebe0341 commit46ace73

File tree

1 file changed

+31
-1
lines changed

1 file changed

+31
-1
lines changed

‎src/pl/plpgsql/src/gram.y

Lines changed: 31 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
* procedural language
55
*
66
* IDENTIFICATION
7-
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.2 2005/01/27 01:52:34 neilc Exp $
7+
* $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.3 2005/02/08 18:22:54 tgl Exp $
88
*
99
* This software is copyrighted by Jan Wieck - Hamburg.
1010
*
@@ -1565,6 +1565,14 @@ read_sql_construct(int until,
15651565
}
15661566
if (plpgsql_SpaceScanned)
15671567
plpgsql_dstring_append(&ds,"");
1568+
1569+
/* Check for array overflow*/
1570+
if (nparams >=1024)
1571+
{
1572+
plpgsql_error_lineno = lno;
1573+
elog(ERROR,"too many variables specified in SQL statement");
1574+
}
1575+
15681576
switch (tok)
15691577
{
15701578
case T_VARIABLE:
@@ -1708,6 +1716,14 @@ make_select_stmt()
17081716

17091717
if (plpgsql_SpaceScanned)
17101718
plpgsql_dstring_append(&ds,"");
1719+
1720+
/* Check for array overflow*/
1721+
if (nparams >=1024)
1722+
{
1723+
plpgsql_error_lineno = yylineno;
1724+
elog(ERROR,"too many variables specified in SQL statement");
1725+
}
1726+
17111727
switch (tok)
17121728
{
17131729
case T_VARIABLE:
@@ -1776,6 +1792,13 @@ make_select_stmt()
17761792

17771793
while ((tok =yylex()) ==',')
17781794
{
1795+
/* Check for array overflow*/
1796+
if (nfields >=1024)
1797+
{
1798+
plpgsql_error_lineno = yylineno;
1799+
elog(ERROR,"too many INTO variables specified");
1800+
}
1801+
17791802
tok =yylex();
17801803
switch(tok)
17811804
{
@@ -1992,6 +2015,13 @@ make_fetch_stmt()
19922015

19932016
while ((tok =yylex()) ==',')
19942017
{
2018+
/* Check for array overflow*/
2019+
if (nfields >=1024)
2020+
{
2021+
plpgsql_error_lineno = yylineno;
2022+
elog(ERROR,"too many INTO variables specified");
2023+
}
2024+
19952025
tok =yylex();
19962026
switch(tok)
19972027
{

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp