On Thu, Feb 15, 2024 at 05:17:17PM +0700, Oleg Tselebrovskiy wrote:
> Thanks for review!
dt_common.c is quite amazing, the APIs that we have in it rely on
strcpy() but we have no idea of the length of the buffer string given
in input to store the result. This would require breaking the
existing A
Thanks for review!
I added a regression test that is based on code from previous email.
New patch is attached.
Oleg Tselebrovskiy, Postgres Pro
diff --git a/src/interfaces/ecpg/compatlib/informix.c b/src/interfaces/ecpg/compatlib/informix.c
index dccf39582da..80d40aa3e09 100644
--- a/src/interface
On Thu, Feb 15, 2024 at 12:15:40PM +0700, Oleg Tselebrovskiy wrote:
> Greetings again.
> I was looking through more static analyzer output and found another problem.
> In ecpg/pgtypeslib/dt_common.c there are 4 calls of pgtypes_alloc.
> This function uses calloc and returns NULL if OOM, but we don'
Greetings again.
I was looking through more static analyzer output and found another problem.
In ecpg/pgtypeslib/dt_common.c there are 4 calls of pgtypes_alloc.
This function uses calloc and returns NULL if OOM, but we don't check its
return value and immediately pass it to strcpy, which could
Here's the code for bug reproduction:
#include
#include
EXEC SQL INCLUDE pgtypes_interval.h;
EXEC SQL INCLUDE ecpg_informix.h;
EXEC SQL BEGIN DECLARE SECTION;
char dirty_str[100] = "a__c_d_";
interval *interval_ptr;
EXEC SQL END DECLARE SECTION;
On Mon, Jan 29, 2024 at 2:17 PM wrote:
>
> Greetings, everyone!
>
> While analyzing output of Svace static analyzer [1] I've found a bug.
>
> In function intoasc(interval * i, char *str) from file
> src/interfaces/ecpg/compatlib/informix.c
> we return a non-terminated string since we use memcpy on
Greetings, everyone!
While analyzing output of Svace static analyzer [1] I've found a bug.
In function intoasc(interval * i, char *str) from file
src/interfaces/ecpg/compatlib/informix.c
we return a non-terminated string since we use memcpy on tmp which is
itself NULL-terminated but
last zero
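
The failure mode reported in this thread for intoasc(), shown as an added example that is not PostgreSQL's code and not from any message above: copy_unterminated() and copy_terminated() are hypothetical stand-ins, and "abc" is a constructed sample value. It copies a shorter string into a buffer that starts out like the repro's dirty_str and shows what a caller reads back.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the reported pattern: the payload is copied with
 * memcpy() and a length taken from strlen(), so the terminating '\0' of src
 * is never written to dst. */
static void copy_unterminated(char *dst, const char *src)
{
    memcpy(dst, src, strlen(src));
}

/* Hardened variant: copy strlen(src) + 1 bytes so the terminator travels
 * with the data. The caller must still guarantee dst is large enough. */
static void copy_terminated(char *dst, const char *src)
{
    memcpy(dst, src, strlen(src) + 1);
}

/* Writes into out (at least 100 bytes) what a caller would read back from a
 * buffer that held "a__c_d_" before the copy; returns the length it sees. */
static size_t demo(int hardened, char *out)
{
    char dirty_str[100] = "a__c_d_";  /* same initial content as the repro */
    const char *tmp = "abc";          /* constructed sample, shorter than old content */

    if (hardened)
        copy_terminated(dirty_str, tmp);
    else
        copy_unterminated(dirty_str, tmp);

    strcpy(out, dirty_str);           /* safe here: dirty_str is zero-filled past index 6 */
    return strlen(out);
}

int main(void)
{
    char seen[100];
    size_t n;

    n = demo(0, seen);
    printf("memcpy(strlen):     \"%s\" (%zu bytes)\n", seen, n);
    n = demo(1, seen);
    printf("memcpy(strlen + 1): \"%s\" (%zu bytes)\n", seen, n);
    return 0;
}
```

The stale tail is bounded here only because the array initializer zero-fills the rest of the buffer; with an uninitialized destination the caller's read has no terminator to stop at.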