diff options
| author | Neil Conway <neilc@samurai.com> | 2005-01-21 00:17:02 +0000 |
|---|---|---|
| committer | Neil Conway <neilc@samurai.com> | 2005-01-21 00:17:02 +0000 |
| commit | de49759a0e28657db53a1e1c8425ea72632dac95 (patch) | |
| tree | 40b3fe9035c70d1b7f8f359d322cfec6b2bffa8f | |
| parent | e2d65d70627d8909ff421eb3ab1460bb71d07b7d (diff) | |
| download | postgresql-de49759a0e28657db53a1e1c8425ea72632dac95.tar.gz postgresql-de49759a0e28657db53a1e1c8425ea72632dac95.zip | |
Prevent overrunning a heap-allocated buffer is more than 1024 parameters
to a refcursor declaration are specified. This is a minimally-invasive fix
for the buffer overrun -- a more thorough cleanup will be checked into
HEAD.
| -rw-r--r-- | src/pl/plpgsql/src/gram.y | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y index c1d0f6c90ab..908fd364a9b 100644 --- a/src/pl/plpgsql/src/gram.y +++ b/src/pl/plpgsql/src/gram.y @@ -4,7 +4,7 @@ * procedural language * * IDENTIFICATION - * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64 2004/10/25 06:27:21 neilc Exp $ + * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64.4.1 2005/01/21 00:17:02 neilc Exp $ * * This software is copyrighted by Jan Wieck - Hamburg. * @@ -474,6 +474,10 @@ decl_cursor_arglist : decl_cursor_arg { int i = $1->nfields++; + /* Guard against overflowing the array on malicious input */ + if (i >= 1024) + yyerror("too many parameters specified for refcursor"); + $1->fieldnames[i] = $3->refname; $1->varnos[i] = $3->dno; |