authorTom Lane2005-02-08 18:22:45 +0000
committerTom Lane2005-02-08 18:22:45 +0000
commit013d778e32844dad30da3d64f40426c3bb00eaa8 (patch)
tree2e2930bd13e0ef6e8a42a0f52c65547e2d52134e
parentd40cda00f595f3ec14e103af16824d75aa226428 (diff)
Back-patch Neil's four additional buffer overrun checks.
-rw-r--r--src/pl/plpgsql/src/gram.y32
1 files changed, 31 insertions, 1 deletions
diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y
index 30cc0e92895..03babed2a17 100644
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@@ -4,7 +4,7 @@
* procedural language
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39.2.1 2005/01/27 01:44:42 neilc Exp $
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39.2.2 2005/02/08 18:22:45 tgl Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -1612,6 +1612,14 @@ read_sql_construct(int until,
}
if (plpgsql_SpaceScanned)
plpgsql_dstring_append(&ds, " ");
+
+ /* Check for array overflow */
+ if (nparams >= 1024)
+ {
+ plpgsql_error_lineno = lno;
+ elog(ERROR, "too many variables specified in SQL statement");
+ }
+
switch (tok)
{
case T_VARIABLE:
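Review bot: The bound in `if (nparams >= 1024)` is a bare literal that has to match the size of an array declared outside this hunk, and the same literal is repeated in the three later checks (both make_select_stmt hunks and the make_fetch_stmt hunk). If one of those arrays is resized later, the test and the declaration can drift apart silently and the overrun comes back. Tying each bound to its declaration would keep them in step, either with one `#define` used for both the array size and the test (illustrative name: `PLPGSQL_MAX_VARS`) or with PostgreSQL's `lengthof()` applied to the array itself. The body of read_sql_construct continues outside the hunk.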
@@ -1761,6 +1769,13 @@ make_select_stmt(void)
while ((tok = yylex()) == ',')
{
+ /* Check for array overflow */
+ if (nfields >= 1024)
+ {
+ plpgsql_error_lineno = yylineno;
+ elog(ERROR, "too many INTO variables specified");
+ }
+
tok = yylex();
switch(tok)
{
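Review bot: The message in `elog(ERROR, "too many INTO variables specified")` does not say what the limit is, so a user who hits it cannot tell how far the target list must be trimmed; the make_fetch_stmt hunk has the same message. Including the bound would make the error actionable, for example `elog(ERROR, "too many INTO variables specified (maximum is %d)", 1024);`. The loop body continues outside the hunk.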
@@ -1809,6 +1824,14 @@ make_select_stmt(void)
if (plpgsql_SpaceScanned)
plpgsql_dstring_append(&ds, " ");
+
+ /* Check for array overflow */
+ if (nparams >= 1024)
+ {
+ plpgsql_error_lineno = yylineno;
+ elog(ERROR, "too many variables specified in SQL statement");
+ }
+
switch (tok)
{
case T_VARIABLE:
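Review bot: The check sits before `switch (tok)` and therefore runs for every token, not only for the ones that store a parameter; read_sql_construct uses the same placement. Assuming the array is written only in the variable cases of the switch, which lie outside this hunk, a statement with exactly 1024 variables is rejected as soon as any further token follows, although nothing would overflow. That errs on the safe side, but it deserves a comment so that nobody later adjusts the limit in the wrong direction, e.g. `/* tested on every token, so the error can fire with the array exactly full */`.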
@@ -1892,6 +1915,13 @@ make_fetch_stmt(void)
while ((tok = yylex()) == ',')
{
+ /* Check for array overflow */
+ if (nfields >= 1024)
+ {
+ plpgsql_error_lineno = yylineno;
+ elog(ERROR, "too many INTO variables specified");
+ }
+
tok = yylex();
switch(tok)
{