From 4032ef18d06aa7a3db515926ddebe8af04e533fe Mon Sep 17 00:00:00 2001
From: Michael Meskes <meskes@postgresql.org>
Date: Thu, 22 Dec 2016 08:28:13 +0100
Subject: [PATCH] Fix buffer overflow on particularly named files and clarify
 documentation about output file naming.

Patch by Tsunakawa, Takayuki <tsunakawa.takay@jp.fujitsu.com>
---
 doc/src/sgml/ref/ecpg-ref.sgml     | 8 +++-----
 src/interfaces/ecpg/preproc/ecpg.c | 3 ++-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/doc/src/sgml/ref/ecpg-ref.sgml b/doc/src/sgml/ref/ecpg-ref.sgml
index 029bd4a4d22..8bfb47c4d79 100644
--- a/doc/src/sgml/ref/ecpg-ref.sgml
+++ b/doc/src/sgml/ref/ecpg-ref.sgml
@@ -42,11 +42,9 @@ PostgreSQL documentation
   <para>
    <command>ecpg</command> will convert each input file given on the
    command line to the corresponding C output file.  Input files
-   preferably have the extension <filename>.pgc</filename>, in which
-   case the extension will be replaced by <filename>.c</filename> to
-   determine the output file name.  If the extension of the input file
-   is not <filename>.pgc</filename>, then the output file name is
-   computed by appending <literal>.c</literal> to the full file name.
+   preferably have the extension <filename>.pgc</filename>.
+   The extension will be replaced by <filename>.c</filename> to
+   determine the output file name.
    The output file name can also be overridden using the
    <option>-o</option> option.
   </para>
diff --git a/src/interfaces/ecpg/preproc/ecpg.c b/src/interfaces/ecpg/preproc/ecpg.c
index 3b0de973210..59dce140a93 100644
--- a/src/interfaces/ecpg/preproc/ecpg.c
+++ b/src/interfaces/ecpg/preproc/ecpg.c
@@ -313,7 +313,8 @@ main(int argc, char *const argv[])
 					base_yyout = stdout;
 				else
 				{
-					output_filename = mm_strdup(input_filename);
+					output_filename = mm_alloc(strlen(input_filename) + 3);
+					strcpy(output_filename, input_filename);
 
 					ptr2ext = strrchr(output_filename, '.');
 					/* make extension = .c resp. .h */
-- 
GitLab