Martin Pitt wrote:
> The problem is that make_string() in misc.c does not check whether
> the target buffer is big enough to hold the copied string.
>
> I added a bufsize parameter to make_string() and used it in all calls
> to it. I tried it with my php4 crash test script and now it works
> properly.

Silently truncating various pieces of information is probably not the 
right thing.  What are you truncating?  If it's a query string you 
might open yourself up to SQL-injection type problems.

Plus, the ODBC driver appears to have buffer overruns all over the 
place.  We need to replace every instance of strcpy, strcat, sprintf, 
make_string, and the various other feeble attempts with pqexpbuffer 
from libpq.  That's the only way to solve this problem once and for 
all.
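
The two concerns in this reply, as an added example that is not part of the original message or of the ODBC driver's code: a bounded copy that silently truncates changes the meaning of a statement, while a checked copy or a growable buffer does not. The function names, the `growbuf` type (a stand-in for the idea behind pqexpbuffer, not libpq's API) and the sample statement are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bounded copy that silently truncates, as the reply warns about. */
static void copy_truncating(char *dst, size_t bufsize, const char *src) {
    if (bufsize == 0) return;
    strncpy(dst, src, bufsize - 1);
    dst[bufsize - 1] = '\0';
}

/* Bounded copy that reports truncation so the caller can fail the call. */
static int copy_checked(char *dst, size_t bufsize, const char *src) {
    size_t n = strlen(src);
    if (n >= bufsize) return -1;          /* would not fit: dst is untouched */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Minimal growable buffer; a stand-in for the idea, not libpq's PQExpBuffer API. */
typedef struct { char *data; size_t len, cap; } growbuf;

static int growbuf_append(growbuf *b, const char *s) {
    size_t n = strlen(s), need = b->len + n + 1;
    if (need > b->cap) {
        size_t cap = b->cap ? b->cap : 16;
        while (cap < need) cap *= 2;
        char *p = realloc(b->data, cap);
        if (p == NULL) return -1;         /* allocation failure is reported too */
        b->data = p;
        b->cap = cap;
    }
    memcpy(b->data + b->len, s, n + 1);
    b->len += n;
    return 0;
}

/* Constructed sample statement; the trailing condition is what truncation loses. */
static const char SAMPLE[] = "DELETE FROM sessions WHERE user_id = 42 AND expired = true";

int main(void) {
    char small[40];
    growbuf b = {0};
    copy_truncating(small, sizeof small, SAMPLE);
    printf("truncated: %s\n", small);     /* still valid SQL, but a broader statement */
    printf("checked:   %d\n", copy_checked(small, sizeof small, SAMPLE));
    if (growbuf_append(&b, SAMPLE) == 0) printf("growable:  %s\n", b.data);
    free(b.data);
    return 0;
}
```
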

