"Christopher Kings-Lynne" <[EMAIL PROTECTED]> writes:
>> src/backend/port/dynloader/freebsd.c
> This one is perhaps dodgy.  You have this:
> static char error_message[BUFSIZ];
> Then you have this:
> sprintf(error_message, "dlopen (%s) not supported", file);
> Where file isn't restricted in length I think...

Yeah.  In practice I'm not sure there's a problem --- the callers may all
limit the filename string to MAXPGPATH, which is well below BUFSIZ.  But
changing the sprintf to snprintf is a cheap, localized way to be sure.

			regards, tom lane
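
The bounded formatting suggested in this thread, as an added example that is not part of the original messages or of the PostgreSQL source. The helper names `set_dlopen_error` and `oversized_name` and the sample file path are assumptions; the block also shows how the C99 `snprintf` return value reveals truncation.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as the buffer quoted in the thread: fixed-size and static. */
static char error_message[BUFSIZ];

/*
 * Hypothetical helper (the name is an assumption, not taken from freebsd.c).
 * Bounded replacement for the sprintf call.  Returns 0 if the message fit,
 * 1 if it was truncated, -1 if snprintf reported an error.
 */
static int
set_dlopen_error(const char *file)
{
    /* C99 snprintf: writes at most size-1 bytes plus NUL, and returns the
     * length the complete string would have had. */
    int needed = snprintf(error_message, sizeof(error_message),
                          "dlopen (%s) not supported", file);

    if (needed < 0)
    {
        error_message[0] = '\0';
        return -1;
    }
    return ((size_t) needed >= sizeof(error_message)) ? 1 : 0;
}

/* Constructed input: a file name twice as long as the message buffer. */
static const char *
oversized_name(void)
{
    static char name[2 * BUFSIZ];

    memset(name, 'A', sizeof(name) - 1);
    name[sizeof(name) - 1] = '\0';
    return name;
}

int
main(void)
{
    int rc = set_dlopen_error("/usr/local/lib/plpgsql.so"); /* constructed path */
    printf("rc=%d msg=%s\n", rc, error_message);

    rc = set_dlopen_error(oversized_name());
    printf("rc=%d stored=%zu of %zu bytes\n", rc,
           strlen(error_message), sizeof(error_message));
    return 0;
}
```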