From 66eb8df6a4a04922e34dcb2dc543fe231b94903d Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Thu, 15 Aug 2002 02:58:29 +0000
Subject: [PATCH] The attached patch changes most of the usages of sprintf() to
 snprintf() in contrib/. I didn't touch the places where pointer arithmetic
 was being used, or other areas where the fix wasn't trivial. I would think
 that few, if any, of the usages of sprintf() were actually exploitable, but
 it's probably better to be paranoid...

Neil Conway
---
 contrib/dbase/dbf.c                 |  8 ++++----
 contrib/dbase/dbf2pg.c              |  6 +++---
 contrib/findoidjoins/findoidjoins.c |  4 ++--
 contrib/lo/lo.c                     |  4 ++--
 contrib/mSQL-interface/mpgsql.c     | 12 ++++++++----
 contrib/oid2name/oid2name.c         | 10 +++++-----
 contrib/pg_dumplo/lo_export.c       | 13 +++++++------
 contrib/pg_dumplo/lo_import.c       |  7 ++++---
 contrib/pg_dumplo/utils.c           |  8 ++++----
 contrib/pg_resetxlog/pg_resetxlog.c |  4 ++--
 contrib/pgbench/pgbench.c           | 20 ++++++++++----------
 contrib/rserv/rserv.c               | 18 ++++++++++--------
 contrib/spi/refint.c                | 26 ++++++++++++++------------
 contrib/spi/timetravel.c            |  6 +++---
 contrib/vacuumlo/vacuumlo.c         |  4 ++--
 15 files changed, 80 insertions(+), 70 deletions(-)

diff --git a/contrib/dbase/dbf.c b/contrib/dbase/dbf.c
index 053e9adffbf..357966b499e 100644
--- a/contrib/dbase/dbf.c
+++ b/contrib/dbase/dbf.c
@@ -437,7 +437,7 @@ dbf_put_record(dbhead * dbh, field * rec, u_long where)
 	format: sprintf format-string to get the right precision with real numbers
 
 	NOTE: this declaration of 'foo' can cause overflow when the contents-field
-	is longer the 127 chars (which is highly unlikely, cos it is not used
+	is longer the 127 chars (which is highly unlikely, because it is not used
 	in text-fields).
 */
 /*	REMEMBER THAT THERE'S A 0x1A AT THE END OF THE FILE, SO DON'T
@@ -488,11 +488,11 @@ dbf_put_record(dbhead * dbh, field * rec, u_long where)
 				if ((rec[t].db_type == 'N') && (rec[t].db_dec != 0))
 				{
 					fl = atof(rec[t].db_contents);
-					sprintf(format, "%%.%df", rec[t].db_dec);
-					sprintf(foo, format, fl);
+					snprintf(format, 32, "%%.%df", rec[t].db_dec);
+					snprintf(foo, 128, format, fl);
 				}
 				else
-					strcpy(foo, rec[t].db_contents);
+					strncpy(foo, rec[t].db_contents, 128);
 				if (strlen(foo) > rec[t].db_flen)
 					length = rec[t].db_flen;
 				else
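Review bot: `strncpy(foo, rec[t].db_contents, 128)` leaves `foo` without a terminating NUL when the contents are 128 bytes or longer, and the next line calls `strlen(foo)`, so a read past the buffer is still reachable. `snprintf(foo, 128, "%s", rec[t].db_contents);` always terminates and matches the numeric branch above it. The sizes 32 and 128 are repeated as literals; `format` and `foo` are declared outside the hunk, and if they are arrays `sizeof(format)` and `sizeof(foo)` would keep the bounds tied to the declarations.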
diff --git a/contrib/dbase/dbf2pg.c b/contrib/dbase/dbf2pg.c
index 5f5e9d2823f..4522368e062 100644
--- a/contrib/dbase/dbf2pg.c
+++ b/contrib/dbase/dbf2pg.c
@@ -308,7 +308,7 @@ do_create(PGconn *conn, char *table, dbhead * dbh)
 				if (dbh->db_fields[i].db_flen > 1)
 				{
 					strcat(query, " varchar");
-					sprintf(t, "(%d)",
+					snprintf(t, 20, "(%d)",
 							dbh->db_fields[i].db_flen);
 					strcat(query, t);
 				}
@@ -361,7 +361,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh)
 				result;
 	char	   *query,
 			   *foo;
-	char		pgdate[10];
+	char		pgdate[11];
 
 	if (verbose > 1)
 		printf("Inserting records\n");
@@ -467,7 +467,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh)
 				{
 					if ((strlen(foo) == 8) && isinteger(foo))
 					{
-						sprintf(pgdate, "%c%c%c%c-%c%c-%c%c",
+						snprintf(pgdate, 11, "%c%c%c%c-%c%c-%c%c",
 								foo[0], foo[1], foo[2], foo[3],
 								foo[4], foo[5], foo[6], foo[7]);
 						strcat(query, pgdate);
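Review bot: The size in `snprintf(pgdate, 11, ...)` duplicates the array length that the previous hunk changes from 10 to 11; `snprintf(pgdate, sizeof(pgdate), ...)` removes the chance of the two drifting apart again. Ten date characters plus the terminator is exactly what did not fit in the old `pgdate[10]`, so a comment on the declaration such as `/* "YYYY-MM-DD" + NUL */` would record why 11 is the minimum. The following `strcat(query, pgdate)` is still unbounded; whether `query` has room is decided where it is allocated, outside this hunk.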
diff --git a/contrib/findoidjoins/findoidjoins.c b/contrib/findoidjoins/findoidjoins.c
index c426b5523a3..b3bef4d3cb3 100644
--- a/contrib/findoidjoins/findoidjoins.c
+++ b/contrib/findoidjoins/findoidjoins.c
@@ -68,14 +68,14 @@ main(int argc, char **argv)
 		{
 			unset_result(relres);
 			if (strcmp(typname, "oid") == 0)
-				sprintf(query, "\
+				snprintf(query, 4000, "\
 					DECLARE c_matches BINARY CURSOR FOR \
 					SELECT	count(*)::int4 \
 						FROM \"%s\" t1, \"%s\" t2 \
 					WHERE t1.\"%s\" = t2.oid ",
 						relname, relname2, attname);
 			else
-				sprintf(query, "\
+				sprintf(query, 4000, "\
 					DECLARE c_matches BINARY CURSOR FOR \
 					SELECT	count(*)::int4 \
 						FROM \"%s\" t1, \"%s\" t2 \
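Review bot: The `else` branch was changed to `sprintf(query, 4000, "\` rather than `snprintf`, so the integer 4000 is passed where `sprintf` expects its format string. That is a constraint violation a compiler should diagnose, and undefined behaviour if the call is ever executed. The line should read `snprintf(query, 4000, "\`, the same as the `oid` branch above it. `query` is declared outside the hunk; if it is an array, `sizeof(query)` is a safer bound than the literal. The statement continues past the end of the hunk.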
diff --git a/contrib/lo/lo.c b/contrib/lo/lo.c
index 8215c4cbbca..8f0a6077af8 100644
--- a/contrib/lo/lo.c
+++ b/contrib/lo/lo.c
@@ -1,7 +1,7 @@
 /*
  *	PostgreSQL type definitions for managed LargeObjects.
  *
- *	$Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.11 2001/12/07 04:18:31 inoue Exp $
+ *	$Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.12 2002/08/15 02:58:29 momjian Exp $
  *
  */
 
@@ -92,7 +92,7 @@ lo_out(Blob * addr)
 		return (NULL);
 
 	result = (char *) palloc(32);
-	sprintf(result, "%u", *addr);
+	snprintf(result, 32, "%u", *addr);
 	return (result);
 }
 
diff --git a/contrib/mSQL-interface/mpgsql.c b/contrib/mSQL-interface/mpgsql.c
index 8b59485471c..27639ad1d40 100644
--- a/contrib/mSQL-interface/mpgsql.c
+++ b/contrib/mSQL-interface/mpgsql.c
@@ -106,7 +106,7 @@ msqlCreateDB(int a, char *b)
 {
 	char		tbuf[BUFSIZ];
 
-	sprintf(tbuf, "create database %s", b);
+	snprintf(tbuf, BUFSIZ, "create database %s", b);
 	return msqlQuery(a, tbuf) >= 0 ? 0 : -1;
 }
 
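Review bot: With `snprintf` a database name that does not fit in `tbuf` is now silently cut, and `msqlQuery` is sent a statement naming a different, shorter database. Keep the result, `int n = snprintf(tbuf, sizeof(tbuf), "create database %s", b);`, and `return -1` when `n < 0 || n >= (int) sizeof(tbuf)`. The same applies to `msqlDropDB` in the next hunk, where acting on a truncated name is the more damaging outcome. `b` is also placed in the statement unquoted, so it should either be validated as an identifier here or the requirement documented in a comment on both functions.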
@@ -115,7 +115,7 @@ msqlDropDB(int a, char *b)
 {
 	char		tbuf[BUFSIZ];
 
-	sprintf(tbuf, "drop database %s", b);
+	snprintf(tbuf, BUFSIZ, "drop database %s", b);
 	return msqlQuery(a, tbuf) >= 0 ? 0 : -1;
 }
 
@@ -262,7 +262,9 @@ msqlListTables(int a)
 	m_result   *m;
 	char		tbuf[BUFSIZ];
 
-	sprintf(tbuf, "select relname from pg_class where relkind='r' and relowner=%d", getuid());
+	snprintf(tbuf, BUFSIZ,
+			 "select relname from pg_class where relkind='r' and relowner=%d",
+			 getuid());
 	if (msqlQuery(a, tbuf) > 0)
 	{
 		m = msqlStoreResult();
@@ -284,7 +286,9 @@ msqlListIndex(int a, char *b, char *c)
 	m_result   *m;
 	char		tbuf[BUFSIZ];
 
-	sprintf(tbuf, "select relname from pg_class where relkind='i' and relowner=%d", getuid());
+	snprintf(tbuf, BUFSIZ,
+			 "select relname from pg_class where relkind='i' and relowner=%d",
+			 getuid());
 	if (msqlQuery(a, tbuf) > 0)
 	{
 		m = msqlStoreResult();
diff --git a/contrib/oid2name/oid2name.c b/contrib/oid2name/oid2name.c
index 6c3e7d420ab..8613800056b 100644
--- a/contrib/oid2name/oid2name.c
+++ b/contrib/oid2name/oid2name.c
@@ -337,7 +337,7 @@ sql_exec_dumpdb(PGconn *conn)
 	char		todo[1024];
 
 	/* get the oid and database name from the system pg_database table */
-	sprintf(todo, "select oid,datname from pg_database");
+	snprintf(todo, 1024, "select oid,datname from pg_database");
 
 	sql_exec(conn, todo, 0);
 }
@@ -351,9 +351,9 @@ sql_exec_dumptable(PGconn *conn, int systables)
 
 	/* don't exclude the systables if this is set */
 	if (systables == 1)
-		sprintf(todo, "select relfilenode,relname from pg_class order by relname");
+		snprintf(todo, 1024, "select relfilenode,relname from pg_class order by relname");
 	else
-		sprintf(todo, "select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname");
+		snprintf(todo, 1024, "select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname");
 
 	sql_exec(conn, todo, 0);
 }
@@ -367,7 +367,7 @@ sql_exec_searchtable(PGconn *conn, const char *tablename)
 	char		todo[1024];
 
 	/* get the oid and tablename where the name matches tablename */
-	sprintf(todo, "select relfilenode,relname from pg_class where relname = '%s'", tablename);
+	snprintf(todo, 1024, "select relfilenode,relname from pg_class where relname = '%s'", tablename);
 
 	returnvalue = sql_exec(conn, todo, 1);
 
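Review bot: `tablename` is copied between single quotes in the query with no escaping, so a name containing `'` produces a malformed or altered statement. With the new 1024-byte bound, a long name can also have its closing quote truncated away. Escape the value first (libpq provides `PQescapeString`) into a buffer sized for twice the input plus one. Then treat a `snprintf` return of 1024 or more as an error instead of calling `sql_exec`. The function body continues outside the hunk.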
@@ -386,7 +386,7 @@ sql_exec_searchoid(PGconn *conn, int oid)
 	int			returnvalue;
 	char		todo[1024];
 
-	sprintf(todo, "select relfilenode,relname from pg_class where oid = %i", oid);
+	snprintf(todo, 1024, "select relfilenode,relname from pg_class where oid = %i", oid);
 
 	returnvalue = sql_exec(conn, todo, 1);
 
diff --git a/contrib/pg_dumplo/lo_export.c b/contrib/pg_dumplo/lo_export.c
index adb216fee2f..3e38b564097 100644
--- a/contrib/pg_dumplo/lo_export.c
+++ b/contrib/pg_dumplo/lo_export.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
  * pg_dumplo
  *
- * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_export.c,v 1.8 2001/10/25 05:49:19 momjian Exp $
+ * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_export.c,v 1.9 2002/08/15 02:58:29 momjian Exp $
  *
  *					Karel Zak 1999-2000
  * -------------------------------------------------------------------------
@@ -110,8 +110,9 @@ pglo_export(LODumpMaster * pgLO)
 		/*
 		 * Query: find the LOs referenced by this column
 		 */
-		sprintf(Qbuff, "SELECT DISTINCT l.loid FROM \"%s\" x, pg_largeobject l WHERE x.\"%s\" = l.loid",
-				ll->lo_table, ll->lo_attr);
+		snprintf(Qbuff, QUERY_BUFSIZ,
+				 "SELECT DISTINCT l.loid FROM \"%s\" x, pg_largeobject l WHERE x.\"%s\" = l.loid",
+				 ll->lo_table, ll->lo_attr);
 
 		/* puts(Qbuff); */
 
@@ -140,7 +141,7 @@ pglo_export(LODumpMaster * pgLO)
 			if (pgLO->action != ACTION_SHOW)
 			{
 
-				sprintf(path, "%s/%s/%s", pgLO->space, pgLO->db,
+				snprintf(path, BUFSIZ, "%s/%s/%s", pgLO->space, pgLO->db,
 						ll->lo_table);
 
 				if (mkdir(path, DIR_UMASK) == -1)
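Review bot: None of the three `snprintf(path, BUFSIZ, ...)` calls in `pglo_export` (this hunk and the two that follow) checks the return value. An over-long combination of `space`, `db`, table and attribute names therefore yields a truncated path that `mkdir` and `lo_export` act on as if it were the intended one. Compare the result against the buffer size and skip or abort on truncation, e.g. `if (snprintf(path, BUFSIZ, ...) >= BUFSIZ)` followed by an error report. The same unchecked pattern appears for `lo_path` in lo_import.c and `path` in utils.c. `path` is declared outside the hunk, so BUFSIZ being its real size is taken from the patch rather than verified here.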
@@ -152,7 +153,7 @@ pglo_export(LODumpMaster * pgLO)
 					}
 				}
 
-				sprintf(path, "%s/%s/%s/%s", pgLO->space, pgLO->db,
+				snprintf(path, BUFSIZ, "%s/%s/%s/%s", pgLO->space, pgLO->db,
 						ll->lo_table, ll->lo_attr);
 
 				if (mkdir(path, DIR_UMASK) == -1)
@@ -185,7 +186,7 @@ pglo_export(LODumpMaster * pgLO)
 					continue;
 				}
 
-				sprintf(path, "%s/%s/%s/%s/%s", pgLO->space,
+				snprintf(path, BUFSIZ, "%s/%s/%s/%s/%s", pgLO->space,
 						pgLO->db, ll->lo_table, ll->lo_attr, val);
 
 				if (lo_export(pgLO->conn, lo, path) < 0)
diff --git a/contrib/pg_dumplo/lo_import.c b/contrib/pg_dumplo/lo_import.c
index aec2aa0ceed..b880e18b243 100644
--- a/contrib/pg_dumplo/lo_import.c
+++ b/contrib/pg_dumplo/lo_import.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
  * pg_dumplo
  *
- * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_import.c,v 1.6 2001/10/25 05:49:19 momjian Exp $
+ * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_import.c,v 1.7 2002/08/15 02:58:29 momjian Exp $
  *
  *					Karel Zak 1999-2000
  * -------------------------------------------------------------------------
@@ -48,7 +48,7 @@ pglo_import(LODumpMaster * pgLO)
 		loa.lo_table = tab;
 		loa.lo_attr = attr;
 
-		sprintf(lo_path, "%s/%s", pgLO->space, path);
+		snprintf(lo_path, BUFSIZ, "%s/%s", pgLO->space, path);
 
 		/*
 		 * Import LO
@@ -81,7 +81,8 @@ pglo_import(LODumpMaster * pgLO)
 		/*
 		 * UPDATE oid in tab
 		 */
-		sprintf(Qbuff, "UPDATE \"%s\" SET \"%s\"=%u WHERE \"%s\"=%u",
+		snprintf(Qbuff, QUERY_BUFSIZ,
+			"UPDATE \"%s\" SET \"%s\"=%u WHERE \"%s\"=%u",
 			loa.lo_table, loa.lo_attr, new_oid, loa.lo_attr, loa.lo_oid);
 
 		/* fprintf(stderr, Qbuff); */
diff --git a/contrib/pg_dumplo/utils.c b/contrib/pg_dumplo/utils.c
index d36ee4be083..aab35bcd7c7 100644
--- a/contrib/pg_dumplo/utils.c
+++ b/contrib/pg_dumplo/utils.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
  * pg_dumplo
  *
- * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.4 2001/03/22 03:59:10 momjian Exp $
+ * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.5 2002/08/15 02:58:29 momjian Exp $
  *
  *					Karel Zak 1999-2000
  * -------------------------------------------------------------------------
@@ -36,7 +36,7 @@ index_file(LODumpMaster * pgLO)
 	if (pgLO->action == ACTION_SHOW)
 		return;
 
-	sprintf(path, "%s/%s", pgLO->space, pgLO->db);
+	snprintf(path, BUFSIZ, "%s/%s", pgLO->space, pgLO->db);
 
 	if (pgLO->action == ACTION_EXPORT_ATTR ||
 		pgLO->action == ACTION_EXPORT_ALL)
@@ -51,7 +51,7 @@ index_file(LODumpMaster * pgLO)
 			}
 		}
 
-		sprintf(path, "%s/lo_dump.index", path);
+		snprintf(path, BUFSIZ, "%s/lo_dump.index", path);
 
 		if ((pgLO->index = fopen(path, "w")) == NULL)
 		{
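Review bot: `snprintf(path, BUFSIZ, "%s/lo_dump.index", path)` passes `path` as both the destination and the `%s` argument. Copying between overlapping objects is undefined for the printf family, and some C libraries produce an empty or corrupted prefix with `snprintf` where the old `sprintf` call happened to work. Append instead: `size_t len = strlen(path);` then `snprintf(path + len, BUFSIZ - len, "/lo_dump.index");`. The next hunk has the identical call before `fopen(path, "r")` and needs the same change.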
@@ -63,7 +63,7 @@ index_file(LODumpMaster * pgLO)
 	else if (pgLO->action != ACTION_NONE)
 	{
 
-		sprintf(path, "%s/lo_dump.index", path);
+		snprintf(path, BUFSIZ, "%s/lo_dump.index", path);
 
 		if ((pgLO->index = fopen(path, "r")) == NULL)
 		{
diff --git a/contrib/pg_resetxlog/pg_resetxlog.c b/contrib/pg_resetxlog/pg_resetxlog.c
index cf1782d42ed..44925fc7c2e 100644
--- a/contrib/pg_resetxlog/pg_resetxlog.c
+++ b/contrib/pg_resetxlog/pg_resetxlog.c
@@ -23,7 +23,7 @@
  * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.18 2002/06/20 20:29:24 momjian Exp $
+ * $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.19 2002/08/15 02:58:29 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -352,7 +352,7 @@ KillExistingXLOG(void)
 		if (strlen(xlde->d_name) == 16 &&
 			strspn(xlde->d_name, "0123456789ABCDEF") == 16)
 		{
-			sprintf(path, "%s/%s", XLogDir, xlde->d_name);
+			snprintf(path, MAXPGPATH, "%s/%s", XLogDir, xlde->d_name);
 			if (unlink(path) < 0)
 			{
 				perror(path);
diff --git a/contrib/pgbench/pgbench.c b/contrib/pgbench/pgbench.c
index 2e64fa0ed5a..6e1813704c6 100644
--- a/contrib/pgbench/pgbench.c
+++ b/contrib/pgbench/pgbench.c
@@ -1,5 +1,5 @@
 /*
- * $Header: /cvsroot/pgsql/contrib/pgbench/pgbench.c,v 1.17 2002/07/20 03:02:01 ishii Exp $
+ * $Header: /cvsroot/pgsql/contrib/pgbench/pgbench.c,v 1.18 2002/08/15 02:58:29 momjian Exp $
  *
  * pgbench: a simple TPC-B like benchmark program for PostgreSQL
  * written by Tatsuo Ishii
@@ -310,26 +310,26 @@ doOne(CState * state, int n, int debug, int ttype)
 				gettimeofday(&(st->txn_begin), 0);
 			break;
 		case 1:
-			sprintf(sql, "update accounts set abalance = abalance + %d where aid = %d\n", st->delta, st->aid);
+			snprintf(sql, 256, "update accounts set abalance = abalance + %d where aid = %d\n", st->delta, st->aid);
 			break;
 		case 2:
-			sprintf(sql, "select abalance from accounts where aid = %d", st->aid);
+			snprintf(sql, 256, "select abalance from accounts where aid = %d", st->aid);
 			break;
 		case 3:
 			if (ttype == 0)
 			{
-			    sprintf(sql, "update tellers set tbalance = tbalance + %d where tid = %d\n",
+			    snprintf(sql, 256, "update tellers set tbalance = tbalance + %d where tid = %d\n",
 				    st->delta, st->tid);
 			    break;
 			}
 		case 4:
 			if (ttype == 0)
 			{
-			    sprintf(sql, "update branches set bbalance = bbalance + %d where bid = %d", st->delta, st->bid);
+			    snprintf(sql, 256, "update branches set bbalance = bbalance + %d where bid = %d", st->delta, st->bid);
 			    break;
 			}
 		case 5:
-			sprintf(sql, "insert into history(tid,bid,aid,delta,mtime) values(%d,%d,%d,%d,'now')",
+			snprintf(sql, 256, "insert into history(tid,bid,aid,delta,mtime) values(%d,%d,%d,%d,'now')",
 					st->tid, st->bid, st->aid, st->delta);
 			break;
 		case 6:
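Review bot: Every call in this file passes the literal 256 as the size of `sql`, whose declaration is outside the hunks. If it is an array, `sizeof(sql)` states the same bound without a number that can fall out of step with the declaration; this applies equally to the hunks in `doSelectOnly` and `init`. Separately, `case 3` and `case 4` fall through to the next case when `ttype != 0`; if that is intended, a `/* fall through */` comment after each `if` block would make it explicit.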
@@ -426,7 +426,7 @@ doSelectOnly(CState * state, int n, int debug)
 	{
 		case 0:
 			st->aid = getrand(1, naccounts * tps);
-			sprintf(sql, "select abalance from accounts where aid = %d", st->aid);
+			snprintf(sql, 256, "select abalance from accounts where aid = %d", st->aid);
 			break;
 	}
 
@@ -500,7 +500,7 @@ init(void)
 
 	for (i = 0; i < nbranches * tps; i++)
 	{
-		sprintf(sql, "insert into branches(bid,bbalance) values(%d,0)", i + 1);
+		snprintf(sql, 256, "insert into branches(bid,bbalance) values(%d,0)", i + 1);
 		res = PQexec(con, sql);
 		if (PQresultStatus(res) != PGRES_COMMAND_OK)
 		{
@@ -512,7 +512,7 @@ init(void)
 
 	for (i = 0; i < ntellers * tps; i++)
 	{
-		sprintf(sql, "insert into tellers(tid,bid,tbalance) values (%d,%d,0)"
+		snprintf(sql, 256, "insert into tellers(tid,bid,tbalance) values (%d,%d,0)"
 				,i + 1, i / ntellers + 1);
 		res = PQexec(con, sql);
 		if (PQresultStatus(res) != PGRES_COMMAND_OK)
@@ -550,7 +550,7 @@ init(void)
 			PQclear(res);
 		}
 
-		sprintf(sql, "%d\t%d\t%d\t\n", j, j / naccounts, 0);
+		snprintf(sql, 256, "%d\t%d\t%d\t\n", j, j / naccounts, 0);
 		if (PQputline(con, sql))
 		{
 			fprintf(stderr, "PQputline failed\n");
diff --git a/contrib/rserv/rserv.c b/contrib/rserv/rserv.c
index 54da14a6961..8672eb79cb6 100644
--- a/contrib/rserv/rserv.c
+++ b/contrib/rserv/rserv.c
@@ -102,9 +102,10 @@ _rserv_log_()
 
 	if (keynum == ObjectIdAttributeNumber)
 	{
-		sprintf(oidbuf, "%u", rel->rd_rel->relhasoids
-		                      ? HeapTupleGetOid(tuple)
-		                      : InvalidOid);
+		snprintf(oidbuf, "%u", 64,
+				 rel->rd_rel->relhasoids
+		         ? HeapTupleGetOid(tuple)
+		         : InvalidOid);
 		key = oidbuf;
 	}
 	else
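Review bot: The arguments are in the wrong order in `snprintf(oidbuf, "%u", 64, ...)`: the format string is passed where the size belongs and 64 where the format belongs. The call should start `snprintf(oidbuf, 64, "%u",` and be followed by the unchanged conditional expression. A compiler with prototype checking would warn on this line, so the file was probably not rebuilt after the change. `oidbuf` is declared outside the hunk; if it is an array, `sizeof(oidbuf)` is preferable to the literal 64.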
@@ -129,7 +130,7 @@ _rserv_log_()
 	else
 		okey = key;
 
-	sprintf(sql, "update _RSERV_LOG_ set logid = %d, logtime = now(), "
+	snprintf(sql, 8192, "update _RSERV_LOG_ set logid = %d, logtime = now(), "
 			"deleted = %d where reloid = %u and key = '%s'",
 			GetCurrentTransactionId(), deleted, rel->rd_id, okey);
 
@@ -148,7 +149,7 @@ _rserv_log_()
 		elog(ERROR, "_rserv_log_: duplicate tuples");
 	else if (SPI_processed == 0)
 	{
-		sprintf(sql, "insert into _RSERV_LOG_ "
+		snprintf(sql, 8192, "insert into _RSERV_LOG_ "
 				"(reloid, logid, logtime, deleted, key) "
 				"values (%u, %d, now(), %d, '%s')",
 				rel->rd_id, GetCurrentTransactionId(),
@@ -173,7 +174,7 @@ _rserv_log_()
 		else
 			okey = newkey;
 
-		sprintf(sql, "insert into _RSERV_LOG_ "
+		snprintf(sql, 8192, "insert into _RSERV_LOG_ "
 				"(reloid, logid, logtime, deleted, key) "
 				"values (%u, %d, now(), 0, '%s')",
 				rel->rd_id, GetCurrentTransactionId(), okey);
@@ -222,14 +223,15 @@ _rserv_sync_(int32 server)
 	buf[0] = 0;
 	for (xcnt = 0; xcnt < SerializableSnapshot->xcnt; xcnt++)
 	{
-		sprintf(buf + strlen(buf), "%s%u", (xcnt) ? ", " : "",
+		snprintf(buf + strlen(buf), 8192 - strlen(buf),
+				"%s%u", (xcnt) ? ", " : "",
 				SerializableSnapshot->xip[xcnt]);
 	}
 
 	if ((ret = SPI_connect()) < 0)
 		elog(ERROR, "_rserv_sync_: SPI_connect returned %d", ret);
 
-	sprintf(sql, "insert into _RSERV_SYNC_ "
+	snprintf(sql, 8192, "insert into _RSERV_SYNC_ "
 			"(server, syncid, synctime, status, minid, maxid, active) "
 	  "values (%u, currval('_rserv_sync_seq_'), now(), 0, %d, %d, '%s')",
 			server, SerializableSnapshot->xmin, SerializableSnapshot->xmax, active);
diff --git a/contrib/spi/refint.c b/contrib/spi/refint.c
index 55c0fd13e68..6355763f948 100644
--- a/contrib/spi/refint.c
+++ b/contrib/spi/refint.c
@@ -112,7 +112,7 @@ check_primary_key(PG_FUNCTION_ARGS)
 	 * Construct ident string as TriggerName $ TriggeredRelationId and try
 	 * to find prepared execution plan.
 	 */
-	sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id);
+	snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
 	plan = find_plan(ident, &PPlans, &nPPlans);
 
 	/* if there is no plan then allocate argtypes for preparation */
@@ -160,10 +160,10 @@ check_primary_key(PG_FUNCTION_ARGS)
 		 * Construct query: SELECT 1 FROM _referenced_relation_ WHERE
 		 * Pkey1 = $1 [AND Pkey2 = $2 [...]]
 		 */
-		sprintf(sql, "select 1 from %s where ", relname);
+		snprintf(sql, 8192, "select 1 from %s where ", relname);
 		for (i = 0; i < nkeys; i++)
 		{
-			sprintf(sql + strlen(sql), "%s = $%d %s",
+			snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s",
 			  args[i + nkeys + 1], i + 1, (i < nkeys - 1) ? "and " : "");
 		}
 
@@ -320,7 +320,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
 	 * Construct ident string as TriggerName $ TriggeredRelationId and try
 	 * to find prepared execution plan(s).
 	 */
-	sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id);
+	snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
 	plan = find_plan(ident, &FPlans, &nFPlans);
 
 	/* if there is no plan(s) then allocate argtypes for preparation */
@@ -411,7 +411,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
 			 */
 			if (action == 'r')
 
-				sprintf(sql, "select 1 from %s where ", relname);
+				snprintf(sql, 8192, "select 1 from %s where ", relname);
 
 			/*---------
 			 * For 'C'ascade action we construct DELETE query
@@ -438,7 +438,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
 					char	   *nv;
 					int			k;
 
-					sprintf(sql, "update %s set ", relname);
+					snprintf(sql, 8192, "update %s set ", relname);
 					for (k = 1; k <= nkeys; k++)
 					{
 						int			is_char_type = 0;
@@ -461,7 +461,8 @@ check_foreign_key(PG_FUNCTION_ARGS)
 						 * is_char_type =1 i set ' ' for define a new
 						 * value
 						 */
-						sprintf(sql + strlen(sql), " %s = %s%s%s %s ",
+						snprintf(sql + strlen(sql), 8192 - strlen(sql),
+								" %s = %s%s%s %s ",
 								args2[k], (is_char_type > 0) ? "'" : "",
 								nv, (is_char_type > 0) ? "'" : "", (k < nkeys) ? ", " : "");
 						is_char_type = 0;
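Review bot: `nv` is written between single quotes with no escaping when `is_char_type` is set, so a value containing `'` changes the shape of the generated UPDATE. Bounding the write with `snprintf` does not address that. Where `nv` is obtained is outside the hunk; if it is column data from the triggering tuple, it needs its quotes doubled before being formatted, or should be passed as a parameter as the WHERE clause does with `$%d`. A comment above the call stating which of these is assumed would help the next reader.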
@@ -471,7 +472,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
 				}
 				else
 /* DELETE */
-					sprintf(sql, "delete from %s where ", relname);
+					snprintf(sql, 8192, "delete from %s where ", relname);
 
 			}
 
@@ -483,10 +484,11 @@ check_foreign_key(PG_FUNCTION_ARGS)
 			 */
 			else if (action == 's')
 			{
-				sprintf(sql, "update %s set ", relname);
+				snprintf(sql, 8192, "update %s set ", relname);
 				for (i = 1; i <= nkeys; i++)
 				{
-					sprintf(sql + strlen(sql), "%s = null%s",
+					snprintf(sql + strlen(sql), 8192 - strlen(sql),
+							"%s = null%s",
 							args2[i], (i < nkeys) ? ", " : "");
 				}
 				strcat(sql, " where ");
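Review bot: The `strcat(sql, " where ")` on the last line of this hunk is still unbounded, so once the preceding `snprintf` calls have filled `sql` to its limit, this append writes past the buffer. Use the same pattern as the loop: `snprintf(sql + strlen(sql), 8192 - strlen(sql), " where ");`. None of the bounded calls in `check_primary_key` or `check_foreign_key` checks for truncation either, so a cut-off statement would presumably be prepared as is. Raising `elog(ERROR, ...)` when the return value reaches the remaining space would be safer. `sql` is declared outside the hunk, so 8192 being its real size is not verified here.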
@@ -495,7 +497,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
 			/* Construct WHERE qual */
 			for (i = 1; i <= nkeys; i++)
 			{
-				sprintf(sql + strlen(sql), "%s = $%d %s",
+				snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s",
 						args2[i], i, (i < nkeys) ? "and " : "");
 			}
 
@@ -545,7 +547,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
 
 		relname = args[0];
 
-		sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id);
+		snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
 		plan = find_plan(ident, &FPlans, &nFPlans);
 		ret = SPI_execp(plan->splan[r], kvals, NULL, tcount);
 		/* we have no NULLs - so we pass   ^^^^  here */
diff --git a/contrib/spi/timetravel.c b/contrib/spi/timetravel.c
index 1731190a5db..7bd30c109f9 100644
--- a/contrib/spi/timetravel.c
+++ b/contrib/spi/timetravel.c
@@ -250,7 +250,7 @@ timetravel(PG_FUNCTION_ARGS)
 	 * Construct ident string as TriggerName $ TriggeredRelationId and try
 	 * to find prepared execution plan.
 	 */
-	sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id);
+	snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
 	plan = find_plan(ident, &Plans, &nPlans);
 
 	/* if there is no plan ... */
@@ -266,10 +266,10 @@ timetravel(PG_FUNCTION_ARGS)
 		/*
 		 * Construct query: INSERT INTO _relation_ VALUES ($1, ...)
 		 */
-		sprintf(sql, "INSERT INTO %s VALUES (", relname);
+		snprintf(sql, 8192, "INSERT INTO %s VALUES (", relname);
 		for (i = 1; i <= natts; i++)
 		{
-			sprintf(sql + strlen(sql), "$%d%s",
+			snprintf(sql + strlen(sql), 8192 - strlen(sql), "$%d%s",
 					i, (i < natts) ? ", " : ")");
 			ctypes[i - 1] = SPI_gettypeid(tupdesc, i);
 		}
diff --git a/contrib/vacuumlo/vacuumlo.c b/contrib/vacuumlo/vacuumlo.c
index cbeb562b32f..ac80ea361ad 100644
--- a/contrib/vacuumlo/vacuumlo.c
+++ b/contrib/vacuumlo/vacuumlo.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/contrib/vacuumlo/vacuumlo.c,v 1.12 2002/06/20 20:29:24 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/contrib/vacuumlo/vacuumlo.c,v 1.13 2002/08/15 02:58:29 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -288,7 +288,7 @@ vacuumlo(char *database, struct _param *param)
 		 * Postgres-ism and not portable to other DBMSs, but then this
 		 * whole program is a Postgres-ism.
 		 */
-		sprintf(buf, "DELETE FROM vacuum_l WHERE lo = \"%s\".\"%s\" ",
+		snprintf(buf, BUFSIZE, "DELETE FROM vacuum_l WHERE lo = \"%s\".\"%s\" ",
 				table, field);
 		res2 = PQexec(conn, buf);
 		if (PQresultStatus(res2) != PGRES_COMMAND_OK)
-- 
GitLab