authorNeil Conway <neilc@samurai.com>2005-02-07 03:52:22 +0000
committerNeil Conway <neilc@samurai.com>2005-02-07 03:52:22 +0000
commit6c5c748d64abdc67455d379d673abe19b249058b (patch)
tree179752fd08c8b2c1c5f9016f1d5e4d533a1e1372 /src
parent5b327fb917c126f93ee85db09a16ca02c0dd8bf9 (diff)
Prevent 4 more buffer overruns in the PL/PgSQL parser. This is just a
minimally-invasive fix for stable branches; a cleaner fix will be committed to HEAD soon.
Diffstat (limited to 'src')
-rw-r--r--src/pl/plpgsql/src/gram.y38
1 files changed, 37 insertions, 1 deletions
diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y
index 908fd364a9b..a080e53adec 100644
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@@ -4,7 +4,7 @@
* procedural language
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64.4.1 2005/01/21 00:17:02 neilc Exp $
+ * $PostgreSQL: pgsql/src/pl/plpgsql/src/gram.y,v 1.64.4.2 2005/02/07 03:52:22 neilc Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -1792,6 +1792,15 @@ read_sql_construct(int until,
plpgsql_dstring_append(&ds, yytext);
break;
}
+
+ /* Check for array overflow */
+ if (nparams >= 1024)
+ {
+ plpgsql_error_lineno = lno;
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("too many variables specified in SQL statement")));
+ }
}
if (endtoken)
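Review bot: The new `nparams >= 1024` test sits after the closing brace of the switch, so it runs only once the current token has been handled. If a case above the hunk stores into the parameter array and increments nparams (not visible here), the guard is safe only because each iteration adds at most one entry, and the statement is rejected on the 1024th variable rather than the 1025th. State that invariant at the check, e.g. `/* each token adds at most one param, so testing after the switch still stops before the next store */`, or move the test to the top of the loop body as the INTO hunks do. The same placement is used in the make_select_stmt hunk at -2014. read_sql_construct starts and ends outside the hunk.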
@@ -1940,6 +1949,15 @@ make_select_stmt(void)
while ((tok = yylex()) == ',')
{
+ /* Check for array overflow */
+ if (nfields >= 1024)
+ {
+ plpgsql_error_lineno = plpgsql_scanner_lineno();
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("too many INTO variables specified")));
+ }
+
tok = yylex();
switch(tok)
{
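Review bot: The bound in `if (nfields >= 1024)` is a bare literal that has to stay equal to the size of the arrays indexed by nfields, which are declared outside the hunk. If one is resized without the other, the overrun this commit closes comes back silently. Tie the check to the declaration, either with a shared named constant used for both or with `lengthof()` on the array itself, and have the comment name the array being protected. The same literal appears in the make_fetch_stmt hunk and in both `nparams >= 1024` checks. make_select_stmt's body continues outside the hunk.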
@@ -2014,6 +2032,15 @@ make_select_stmt(void)
plpgsql_dstring_append(&ds, yytext);
break;
}
+
+ /* Check for array overflow */
+ if (nparams >= 1024)
+ {
+ plpgsql_error_lineno = plpgsql_scanner_lineno();
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("too many variables specified in SQL statement")));
+ }
}
expr = malloc(sizeof(PLpgSQL_expr) + sizeof(int) * nparams - sizeof(int));
@@ -2085,6 +2112,15 @@ make_fetch_stmt(void)
while ((tok = yylex()) == ',')
{
+ /* Check for array overflow */
+ if (nfields >= 1024)
+ {
+ plpgsql_error_lineno = plpgsql_scanner_lineno();
+ ereport(ERROR,
+ (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ errmsg("too many INTO variables specified")));
+ }
+
tok = yylex();
switch(tok)
{