Commit9eeeb98

Neil Conway

committed

Backpatch fix for buffer overrun in parsing refcursor parameters to

REL7_2_STABLE.

1 parent13fab5b commit9eeeb98Copy full SHA for 9eeeb98

File tree

-1

lines changed

-1

lines changed

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`* procedural language`
`5`	`5`	`*`
`6`	`6`	`* IDENTIFICATION`
`7`		`- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.1 2002/05/21 18:50:18 tgl Exp $`
	`7`	`+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.29.2.2 2005/01/27 01:52:34 neilc Exp $`
`8`	`8`	`*`
`9`	`9`	`* This software is copyrighted by Jan Wieck - Hamburg.`
`10`	`10`	`*`
`@@ -476,6 +476,10 @@ decl_cursor_arglist : decl_cursor_arg`
`476`	`476`	`{`
`477`	`477`	`int i =$1->nfields++;`
`478`	`478`
	`479`	`+/* Guard against overflowing the array on malicious input*/`
	`480`	`+if (i >=1024)`
	`481`	`+yyerror("too many parameters specified for refcursor");`
	`482`	`+`
`479`	`483`	`$1->fieldnames[i] =$3->refname;`
`480`	`484`	`$1->varnos[i] =$3->varno;`
`481`	`485`

Comments

(0)