backend where a statically sized buffer is written to. Most of these

should be pretty safe in practice, but it's probably better to be safe than sorry. I was actually looking for cases where NAMEDATALEN is assumed to be 32, but only found one. That's fixed too, as well as a few bits of code cleanup. Neil Conway
author: Bruce Momjian 2002-08-28 20:46:24 +0000
committer: Bruce Momjian 2002-08-28 20:46:24 +0000
commit: a33b0dc27c5e47145c23f51fc21c3ae2cba84b5a (patch)
tree: 789cf18883d16d7eade0fc50d4cd8b5ca360617e
parent: 89cf53d039efc909ab0609edb4e962ed25d9560d (diff)
13 files changed, 21 insertions, 25 deletions
diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c
index e3fe9804ab..406a6fef7a 100644
--- a/src/backend/executor/execMain.c
+++ b/src/backend/executor/execMain.c
@@ -545,7 +545,7 @@ InitPlan(CmdType operation, Query *parseTree, Plan *plan, EState *estate)
 			erm = (execRowMark *) palloc(sizeof(execRowMark));
 			erm->relation = relation;
 			erm->rti = rti;
-			sprintf(erm->resname, "ctid%u", rti);
+			snprintf(erm->resname, 32, "ctid%u", rti);
 			estate->es_rowMark = lappend(estate->es_rowMark, erm);
 		}
 	}
diff --git a/src/backend/optimizer/plan/planner.c b/src/backend/optimizer/plan/planner.c
index be570a7fe7..4a62e7032e 100644
--- a/src/backend/optimizer/plan/planner.c
+++ b/src/backend/optimizer/plan/planner.c
@@ -961,7 +961,7 @@ grouping_planner(Query *parse, double tuple_fraction)
 				TargetEntry *ctid;
 
 				resname = (char *) palloc(32);
-				sprintf(resname, "ctid%u", rti);
+				snprintf(resname, 32, "ctid%u", rti);
 				resdom = makeResdom(length(tlist) + 1,
 									TIDOID,
 									-1,
diff --git a/src/backend/parser/analyze.c b/src/backend/parser/analyze.c
index ee1f363890..538c847e80 100644
--- a/src/backend/parser/analyze.c
+++ b/src/backend/parser/analyze.c
@@ -2157,7 +2157,7 @@ transformSetOperationTree(ParseState *pstate, SelectStmt *stmt)
 		/*
 		 * Make the leaf query be a subquery in the top-level rangetable.
 		 */
-		sprintf(selectName, "*SELECT* %d", length(pstate->p_rtable) + 1);
+		snprintf(selectName, 32, "*SELECT* %d", length(pstate->p_rtable) + 1);
 		rte = addRangeTableEntryForSubquery(pstate,
 											selectQuery,
 											makeAlias(selectName, NIL),
diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y
index e6e4b6a54c..d9becfccc4 100644
--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -2096,7 +2096,7 @@ TriggerFuncArg:
 			ICONST
 				{
 					char buf[64];
-					sprintf (buf, "%d", $1);
+					snprintf (buf, sizeof(buf), "%d", $1);
 					$$ = makeString(pstrdup(buf));
 				}
 			| FCONST								{ $$ = makeString($1); }
diff --git a/src/backend/utils/adt/mac.c b/src/backend/utils/adt/mac.c
index e209945783..25a39a962c 100644
--- a/src/backend/utils/adt/mac.c
+++ b/src/backend/utils/adt/mac.c
@@ -80,7 +80,7 @@ macaddr_out(PG_FUNCTION_ARGS)
 
 	result = (char *) palloc(32);
 
-	sprintf(result, "%02x:%02x:%02x:%02x:%02x:%02x",
+	snprintf(result, 32, "%02x:%02x:%02x:%02x:%02x:%02x",
 			addr->a, addr->b, addr->c, addr->d, addr->e, addr->f);
 
 	PG_RETURN_CSTRING(result);
diff --git a/src/backend/utils/adt/tid.c b/src/backend/utils/adt/tid.c
index c67a58bc76..b59ee21e29 100644
--- a/src/backend/utils/adt/tid.c
+++ b/src/backend/utils/adt/tid.c
@@ -101,7 +101,7 @@ tidout(PG_FUNCTION_ARGS)
 	blockNumber = BlockIdGetBlockNumber(blockId);
 	offsetNumber = itemPtr->ip_posid;
 
-	sprintf(buf, "(%u,%u)", blockNumber, offsetNumber);
+	snprintf(buf, sizeof(buf), "(%u,%u)", blockNumber, offsetNumber);
 
 	PG_RETURN_CSTRING(pstrdup(buf));
 }
diff --git a/src/backend/utils/adt/varlena.c b/src/backend/utils/adt/varlena.c
index 56c8f1be8d..bba388f537 100644
--- a/src/backend/utils/adt/varlena.c
+++ b/src/backend/utils/adt/varlena.c
@@ -1787,12 +1787,11 @@ to_hex32(PG_FUNCTION_ARGS)
 {
 	static char		digits[] = "0123456789abcdef";
 	char			buf[32];	/* bigger than needed, but reasonable */
-	char		   *ptr,
-				   *end;
+	char		   *ptr;
 	text		   *result_text;
 	int32			value = PG_GETARG_INT32(0);
 
-	end = ptr = buf + sizeof(buf) - 1;
+	ptr = buf + sizeof(buf) - 1;
 	*ptr = '\0';
 
 	do
@@ -1814,12 +1813,11 @@ to_hex64(PG_FUNCTION_ARGS)
 {
 	static char		digits[] = "0123456789abcdef";
 	char			buf[32];	/* bigger than needed, but reasonable */
-	char			*ptr,
-					*end;
+	char			*ptr;
 	text			*result_text;
 	int64			value = PG_GETARG_INT64(0);
 
-	end = ptr = buf + sizeof(buf) - 1;
+	ptr = buf + sizeof(buf) - 1;
 	*ptr = '\0';
 
 	do
diff --git a/src/bin/pg_dump/pg_backup_tar.c b/src/bin/pg_dump/pg_backup_tar.c
index 07e2b2ab7a..c0bb429326 100644
--- a/src/bin/pg_dump/pg_backup_tar.c
+++ b/src/bin/pg_dump/pg_backup_tar.c
@@ -1189,12 +1189,10 @@ static void
 _tarWriteHeader(TAR_MEMBER *th)
 {
 	char		h[512];
-	int			i;
 	int			lastSum = 0;
 	int			sum;
 
-	for (i = 0; i < 512; i++)
-		h[i] = '\0';
+	memset(h, 0, sizeof(h));
 
 	/* Name 100 */
 	sprintf(&h[0], "%.99s", th->targetFile);
diff --git a/src/bin/pg_dump/pg_backup_tar.h b/src/bin/pg_dump/pg_backup_tar.h
index 5b0b64b0c3..97b3beabcf 100644
--- a/src/bin/pg_dump/pg_backup_tar.h
+++ b/src/bin/pg_dump/pg_backup_tar.h
@@ -4,7 +4,7 @@
  * TAR Header
  *
  * Offset	Length	 Contents
- *	 0	  100 bytes  File name ('\0' terminated, 99 maxmum length)
+ *	 0	  100 bytes  File name ('\0' terminated, 99 maximum length)
  * 100		8 bytes  File mode (in octal ascii)
  * 108		8 bytes  User ID (in octal ascii)
  * 116		8 bytes  Group ID (in octal ascii)
@@ -12,10 +12,10 @@
  * 136	   12 bytes  Modify time (in octal ascii)
  * 148		8 bytes  Header checksum (in octal ascii)
  * 156		1 bytes  Link flag
- * 157	  100 bytes  Linkname ('\0' terminated, 99 maxmum length)
+ * 157	  100 bytes  Linkname ('\0' terminated, 99 maximum length)
  * 257		8 bytes  Magic ("ustar  \0")
- * 265	   32 bytes  User name ('\0' terminated, 31 maxmum length)
- * 297	   32 bytes  Group name ('\0' terminated, 31 maxmum length)
+ * 265	   32 bytes  User name ('\0' terminated, 31 maximum length)
+ * 297	   32 bytes  Group name ('\0' terminated, 31 maximum length)
  * 329		8 bytes  Major device ID (in octal ascii)
  * 337		8 bytes  Minor device ID (in octal ascii)
  * 345	  167 bytes  Padding
diff --git a/src/bin/psql/print.c b/src/bin/psql/print.c
index 1166b2b1c8..173a995086 100644
--- a/src/bin/psql/print.c
+++ b/src/bin/psql/print.c
@@ -494,9 +494,9 @@ print_aligned_vertical(const char *title, const char *const * headers,
 				}
 
 				if (opt_border == 0)
-					sprintf(record_str, "* Record %d", record++);
+					snprintf(record_str, 32, "* Record %d", record++);
 				else
-					sprintf(record_str, "[ RECORD %d ]", record++);
+					snprintf(record_str, 32, "[ RECORD %d ]", record++);
 				record_str_len = strlen(record_str);
 
 				if (record_str_len + opt_border > strlen(divider))
diff --git a/src/interfaces/cli/example2.c b/src/interfaces/cli/example2.c
index 42a63e5b50..6a4fb56c73 100644
--- a/src/interfaces/cli/example2.c
+++ b/src/interfaces/cli/example2.c
@@ -56,7 +56,7 @@ example2(SQLCHAR *server, SQLCHAR *uid, SQLCHAR *authen, SQLCHAR *sqlstr)
 	SQLHDBC		hdbc;
 	SQLHSTMT	hstmt;
 	SQLCHAR		errmsg[256];
-	SQLCHAR		colname[32];
+	SQLCHAR		colname[64];
 	SQLSMALLINT coltype;
 	SQLSMALLINT colnamelen;
 	SQLSMALLINT nullable;
diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y
index af6bf3baa6..fa56156d88 100644
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@@ -1594,7 +1594,7 @@ read_sql_construct(int until,
 		{
 			case T_VARIABLE:
 				params[nparams] = yylval.variable->dno;
-				sprintf(buf, " $%d ", ++nparams);
+				snprintf(buf, sizeof(buf), " $%d ", ++nparams);
 				plpgsql_dstring_append(&ds, buf);
 				break;
 
@@ -1791,7 +1791,7 @@ make_select_stmt(void)
 		{
 			case T_VARIABLE:
 				params[nparams] = yylval.variable->dno;
-				sprintf(buf, " $%d ", ++nparams);
+				snprintf(buf, sizeof(buf), " $%d ", ++nparams);
 				plpgsql_dstring_append(&ds, buf);
 				break;
 
diff --git a/src/pl/plpgsql/src/pl_comp.c b/src/pl/plpgsql/src/pl_comp.c
index 5d832ded95..3510bd0170 100644
--- a/src/pl/plpgsql/src/pl_comp.c
+++ b/src/pl/plpgsql/src/pl_comp.c
@@ -249,7 +249,7 @@ plpgsql_compile(Oid fn_oid, int functype)
 			{
 				char		buf[32];
 
-				sprintf(buf, "$%d", i + 1);	/* name for variable */
+				snprintf(buf, sizeof(buf), "$%d", i + 1);	/* name for variable */
 
 				/*
 				 * Get the parameters type
author	Bruce Momjian	2002-08-28 20:46:24 +0000
committer	Bruce Momjian	2002-08-28 20:46:24 +0000
commit	a33b0dc27c5e47145c23f51fc21c3ae2cba84b5a (patch)
tree	789cf18883d16d7eade0fc50d4cd8b5ca360617e
parent	89cf53d039efc909ab0609edb4e962ed25d9560d (diff)