From: Neil Conway <neilc@samurai.com>
Date: Fri, 21 Jan 2005 00:31:21 +0000 (+0000)
Subject: Prevent overrunning a heap-allocated buffer if more than 1024 parameters
X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=1ce3543553ff9c1b0afd41e7be819b2ed41ada22;p=users%2Fbernd%2Fpostgres.git

Prevent overrunning a heap-allocated buffer if more than 1024 parameters
to a refcursor declaration are specified. This is a minimally-invasive fix
for the buffer overrun -- a more thorough cleanup will be checked into
HEAD.
---

diff --git a/src/pl/plpgsql/src/gram.y b/src/pl/plpgsql/src/gram.y
index d10bde619f..66f6edf246 100644
--- a/src/pl/plpgsql/src/gram.y
+++ b/src/pl/plpgsql/src/gram.y
@@ -512,6 +512,10 @@ decl_cursor_arglist : decl_cursor_arg
 					{
 						int i = $1->nfields++;
 
+						/* Guard against overflowing the array on malicious input */
+						if (i >= 1024)
+							yyerror("too many parameters specified for refcursor");
+
 						$1->fieldnames[i] = $3->refname;
 						$1->varnos[i] = $3->varno;