The following bug has been logged online:
Bug reference: 2672
Logged by: ragetron99
Email address: [EMAIL PROTECTED]
PostgreSQL version: 8.1.4
Operating system: irrelevant
Description: stored procedure argument and return type length
validation
Details:
PgSQL doesn't seem to perform length validation for variable-length types
used as arguments or return values in a stored procedure. The oidvector in
pg_proc used as the function signature seems to be the only type-related
specification that exists. Why are stored procedures (and whatever
functionality invokes them) expected to manually validate inputs in this
manner instead of having it automatically enforced?
$ create or replace function hello_tom_lane(varchar(3)) returns varchar(3)
as 'select $1;' language sql;
CREATE FUNCTION
$ select hello_tom_lane('hello tom lane why is this not limited to three
characters?');
hello_tom_lane
-------------------------------------------------------------
hello tom lane why is this not limited to three characters?
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
