9c89540227
Prevent overrunning a heap-allocated buffer if more than 1024 parameters to a refcursor declaration are specified. This is a minimally-invasive fix for the buffer overrun. Define LATEST_LINK to avoid package name clashes between the different branches of PostgreSQL. [1] (Since postgresql-tcltk is hardwired to branch 7.4, keep its LATEST_LINK to a generic value.) Set UNIQUENAME and let it be the same for server & client, so each branch's ports will share the same options file. This adds some no-op knobs to the -client port, but IMO it is better this way. Add space inside paranthesis in OSVERSION conditional to work around (ancient) make bug. [2] Remove the Rendez-Vouz knob for 8.0 since I can't find the software needed to even compile it on FreeBSD. Bump portrevision (for -server only). Noted by: kris [1] PR: ports/77530 [2] Security: http://www.vuxml.org/freebsd/6b4b0b3f-8127-11d9-a9e7-0001020eed82.html Approved by: seanc (mentor)
70 lines
1.7 KiB
Plaintext
70 lines
1.7 KiB
Plaintext
--- src/pl/plpgsql/src/gram.y 2005/01/27 01:44:42 1.39.2.1 REL7_3_9
|
|
+++ src/pl/plpgsql/src/gram.y 2005/02/08 18:22:45 1.39.2.2 REL7_3_STABLE
|
|
@@ -4,7 +4,7 @@
|
|
* procedural language
|
|
*
|
|
* IDENTIFICATION
|
|
- * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39.2.1 2005/01/27 01:44:42 neilc Exp $
|
|
+ * $Header: /cvsroot/pgsql/src/pl/plpgsql/src/gram.y,v 1.39.2.2 2005/02/08 18:22:45 tgl Exp $
|
|
*
|
|
* This software is copyrighted by Jan Wieck - Hamburg.
|
|
*
|
|
@@ -1612,6 +1612,14 @@ read_sql_construct(int until,
|
|
}
|
|
if (plpgsql_SpaceScanned)
|
|
plpgsql_dstring_append(&ds, " ");
|
|
+
|
|
+ /* Check for array overflow */
|
|
+ if (nparams >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = lno;
|
|
+ elog(ERROR, "too many variables specified in SQL statement");
|
|
+ }
|
|
+
|
|
switch (tok)
|
|
{
|
|
case T_VARIABLE:
|
|
@@ -1761,6 +1769,13 @@ make_select_stmt(void)
|
|
|
|
while ((tok = yylex()) == ',')
|
|
{
|
|
+ /* Check for array overflow */
|
|
+ if (nfields >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = yylineno;
|
|
+ elog(ERROR, "too many INTO variables specified");
|
|
+ }
|
|
+
|
|
tok = yylex();
|
|
switch(tok)
|
|
{
|
|
@@ -1809,6 +1824,14 @@ make_select_stmt(void)
|
|
|
|
if (plpgsql_SpaceScanned)
|
|
plpgsql_dstring_append(&ds, " ");
|
|
+
|
|
+ /* Check for array overflow */
|
|
+ if (nparams >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = yylineno;
|
|
+ elog(ERROR, "too many variables specified in SQL statement");
|
|
+ }
|
|
+
|
|
switch (tok)
|
|
{
|
|
case T_VARIABLE:
|
|
@@ -1892,6 +1915,13 @@ make_fetch_stmt(void)
|
|
|
|
while ((tok = yylex()) == ',')
|
|
{
|
|
+ /* Check for array overflow */
|
|
+ if (nfields >= 1024)
|
|
+ {
|
|
+ plpgsql_error_lineno = yylineno;
|
|
+ elog(ERROR, "too many INTO variables specified");
|
|
+ }
|
|
+
|
|
tok = yylex();
|
|
switch(tok)
|
|
{
|