I checked all the previous string handling errors and most of them were

already fixed by You. However there were a few left and attached patch
should fix the rest of them.

I used StringInfo only in 2 places and both of them are inside debug
ifdefs. Only performance penalty will come from using strlen() like all
the other code does.

I also modified some of the already patched parts by changing
snprintf(buf, 2 * BUFSIZE, ... style lines to
snprintf(buf, sizeof(buf), ... where buf is an array.

Jukka Holappa

diff --git a/contrib/cube/cubeparse.y b/contrib/cube/cubeparse.y
index accad12511a11cc5418166393f953cc00ecb96b9..887528eb03dc2948ea94440cff625abc770be574 100644 (file)
--- a/contrib/cube/cubeparse.y
+++ b/contrib/cube/cubeparse.y
@@ -164,8 +164,9 @@ int cube_yyerror ( char *msg ) {
 
   position = parse_buffer_pos() > parse_buffer_size() ? parse_buffer_pos() - 1 : parse_buffer_pos();
 
-  sprintf(
+  snprintf(
      buf, 
+     256,
      "%s at or before position %d, character ('%c', \\%03o), input: '%s'\n", 
      msg,
      position,

diff --git a/contrib/intarray/_int.c b/contrib/intarray/_int.c
index 1c0de0bce80a59cc6cc8305b5532deeb0997a0d6..75ebf5d8dda899a0ae042bd79847079f80f102e1 100644 (file)
--- a/contrib/intarray/_int.c
+++ b/contrib/intarray/_int.c
@@ -22,6 +22,7 @@
 #include "utils/array.h"
 #include "utils/builtins.h"
 #include "storage/bufpage.h"
+#include "lib/stringinfo.h"
 
 /* number ranges for compression */
 #define MAXNUMRANGE 100
@@ -99,20 +100,19 @@ typedef char *BITVECP;
 static void
 printarr(ArrayType *a, int num)
 {
-   char        bbb[16384];
+   StringInfoData  bbb;
    char       *cur;
    int         l;
    int        *d;
 
    d = ARRPTR(a);
-   *bbb = '\0';
-   cur = bbb;
+   initStringInfo(&bbb);
    for (l = 0; l < min(num, ARRNELEMS(a)); l++)
    {
-       sprintf(cur, "%d ", d[l]);
-       cur = strchr(cur, '\0');
+       appendStringInfo(&bbb, "%d ", d[l]);
    }
-   elog(DEBUG3, "\t\t%s", bbb);
+   elog(DEBUG3, "\t\t%s", bbb.data);
+   pfree(bbb.data);
 }
 static void
 printbitvec(BITVEC bv)
@@ -1924,7 +1924,7 @@ bqarr_in(PG_FUNCTION_ARGS) {
    NODE *tmp;
    int4 pos=0;
 #ifdef BS_DEBUG
-   char pbuf[16384],*cur;
+   StringInfoData  pbuf;
 #endif
 
    state.buf = buf;
@@ -1955,16 +1955,15 @@ bqarr_in(PG_FUNCTION_ARGS) {
    pos = query->size-1;
    findoprnd( ptr, &pos );
 #ifdef BS_DEBUG
-   cur = pbuf;
-   *cur = '\0';
+   initStringInfo(&pbuf);
    for( i=0;isize;i++ ) {
        if ( ptr[i].type == OPR )
-           sprintf(cur, "%c(%d) ", ptr[i].val, ptr[i].left);
+           appendStringInfo(&pbuf, "%c(%d) ", ptr[i].val, ptr[i].left);
        else
-           sprintf(cur, "%d ", ptr[i].val );
-       cur = strchr(cur,'\0');
+           appendStringInfo(&pbuf, "%d ", ptr[i].val );
    }
-   elog(DEBUG3,"POR: %s", pbuf);
+   elog(DEBUG3,"POR: %s", pbuf.data);
+   pfree(pbuf.data);
 #endif
 
    PG_RETURN_POINTER( query );

diff --git a/contrib/seg/segparse.y b/contrib/seg/segparse.y
index 10a4227c19044710c7a31984d81fd0348ec526af..3ffcbff4170444953100c5dda63b7bef7dc795fe 100644 (file)
--- a/contrib/seg/segparse.y
+++ b/contrib/seg/segparse.y
@@ -144,7 +144,7 @@ float seg_atof ( char *value ) {
   sscanf(value, "%f", &result);
 
   if ( errno ) {
-    sprintf(buf, "numeric value %s unrepresentable", value);
+    snprintf(buf, 256, "numeric value %s unrepresentable", value);
     reset_parse_buffer();     
     elog(ERROR, buf);
   }
@@ -165,8 +165,9 @@ int seg_yyerror ( char *msg ) {
 
   position = parse_buffer_pos() > parse_buffer_size() ? parse_buffer_pos() - 1 : parse_buffer_pos();
 
-  sprintf(
+  snprintf(
      buf, 
+     256,
      "%s at or near position %d, character ('%c', \\%03o), input: '%s'\n", 
      msg,
      position,

diff --git a/contrib/spi/refint.c b/contrib/spi/refint.c
index 6355763f94874c634fb88695960895c5031e34f4..e1688c98a19d11315843e93176941f748f4528f6 100644 (file)
--- a/contrib/spi/refint.c
+++ b/contrib/spi/refint.c
@@ -112,7 +112,7 @@ check_primary_key(PG_FUNCTION_ARGS)
     * Construct ident string as TriggerName $ TriggeredRelationId and try
     * to find prepared execution plan.
     */
-   snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
+   snprintf(ident, sizeof(ident), "%s$%u", trigger->tgname, rel->rd_id);
    plan = find_plan(ident, &PPlans, &nPPlans);
 
    /* if there is no plan then allocate argtypes for preparation */
@@ -160,10 +160,10 @@ check_primary_key(PG_FUNCTION_ARGS)
         * Construct query: SELECT 1 FROM _referenced_relation_ WHERE
         * Pkey1 = $1 [AND Pkey2 = $2 [...]]
         */
-       snprintf(sql, 8192, "select 1 from %s where ", relname);
+       snprintf(sql, sizeof(sql), "select 1 from %s where ", relname);
        for (i = 0; i < nkeys; i++)
        {
-           snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s",
+           snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s",
              args[i + nkeys + 1], i + 1, (i < nkeys - 1) ? "and " : "");
        }
 
@@ -320,7 +320,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
     * Construct ident string as TriggerName $ TriggeredRelationId and try
     * to find prepared execution plan(s).
     */
-   snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
+   snprintf(ident, sizeof(ident), "%s$%u", trigger->tgname, rel->rd_id);
    plan = find_plan(ident, &FPlans, &nFPlans);
 
    /* if there is no plan(s) then allocate argtypes for preparation */
@@ -411,7 +411,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
             */
            if (action == 'r')
 
-               snprintf(sql, 8192, "select 1 from %s where ", relname);
+               snprintf(sql, sizeof(sql), "select 1 from %s where ", relname);
 
            /*---------
             * For 'C'ascade action we construct DELETE query
@@ -438,7 +438,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
                    char       *nv;
                    int         k;
 
-                   snprintf(sql, 8192, "update %s set ", relname);
+                   snprintf(sql, sizeof(sql), "update %s set ", relname);
                    for (k = 1; k <= nkeys; k++)
                    {
                        int         is_char_type = 0;
@@ -461,7 +461,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
                         * is_char_type =1 i set ' ' for define a new
                         * value
                         */
-                       snprintf(sql + strlen(sql), 8192 - strlen(sql),
+                       snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql),
                                " %s = %s%s%s %s ",
                                args2[k], (is_char_type > 0) ? "'" : "",
                                nv, (is_char_type > 0) ? "'" : "", (k < nkeys) ? ", " : "");
@@ -472,7 +472,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
                }
                else
 /* DELETE */
-                   snprintf(sql, 8192, "delete from %s where ", relname);
+                   snprintf(sql, sizeof(sql), "delete from %s where ", relname);
 
            }
 
@@ -484,10 +484,10 @@ check_foreign_key(PG_FUNCTION_ARGS)
             */
            else if (action == 's')
            {
-               snprintf(sql, 8192, "update %s set ", relname);
+               snprintf(sql, sizeof(sql), "update %s set ", relname);
                for (i = 1; i <= nkeys; i++)
                {
-                   snprintf(sql + strlen(sql), 8192 - strlen(sql),
+                   snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql),
                            "%s = null%s",
                            args2[i], (i < nkeys) ? ", " : "");
                }
@@ -497,7 +497,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
            /* Construct WHERE qual */
            for (i = 1; i <= nkeys; i++)
            {
-               snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s",
+               snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s",
                        args2[i], i, (i < nkeys) ? "and " : "");
            }
 
@@ -547,7 +547,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
 
        relname = args[0];
 
-       snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
+       snprintf(ident, sizeof(ident), "%s$%u", trigger->tgname, rel->rd_id);
        plan = find_plan(ident, &FPlans, &nFPlans);
        ret = SPI_execp(plan->splan[r], kvals, NULL, tcount);
        /* we have no NULLs - so we pass   ^^^^  here */

diff --git a/contrib/spi/timetravel.c b/contrib/spi/timetravel.c
index 7bd30c109f9e5eeb18f5a36fe56eef16e5a6ba3e..771e9248b89e2db4d9f6917eb835d5d611c5763d 100644 (file)
--- a/contrib/spi/timetravel.c
+++ b/contrib/spi/timetravel.c
@@ -250,7 +250,7 @@ timetravel(PG_FUNCTION_ARGS)
     * Construct ident string as TriggerName $ TriggeredRelationId and try
     * to find prepared execution plan.
     */
-   snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
+   snprintf(ident, sizeof(ident), "%s$%u", trigger->tgname, rel->rd_id);
    plan = find_plan(ident, &Plans, &nPlans);
 
    /* if there is no plan ... */
@@ -266,10 +266,10 @@ timetravel(PG_FUNCTION_ARGS)
        /*
         * Construct query: INSERT INTO _relation_ VALUES ($1, ...)
         */
-       snprintf(sql, 8192, "INSERT INTO %s VALUES (", relname);
+       snprintf(sql, sizeof(sql), "INSERT INTO %s VALUES (", relname);
        for (i = 1; i <= natts; i++)
        {
-           snprintf(sql + strlen(sql), 8192 - strlen(sql), "$%d%s",
+           snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "$%d%s",
                    i, (i < natts) ? ", " : ")");
            ctypes[i - 1] = SPI_gettypeid(tupdesc, i);
        }

diff --git a/doc/src/sgml/spi.sgml b/doc/src/sgml/spi.sgml
index ca6d62e1ae16eeb25698515575a52e04cf5688a9..e25c2a259cc0250f2b7cd3aca77f43559acce994 100644 (file)
--- a/doc/src/sgml/spi.sgml
+++ b/doc/src/sgml/spi.sgml
@@ -1,5 +1,5 @@
 
 
 
@@ -3815,7 +3815,7 @@ execq(text *sql, int cnt)
             HeapTuple tuple = tuptable->vals[j];
             
             for (i = 1, buf[0] = 0; i <= tupdesc->natts; i++)
-                sprintf(buf + strlen (buf), " %s%s",
+                snprintf(buf + strlen (buf), sizeof(buf) - strlen(buf)," %s%s",
                         SPI_getvalue(tuple, tupdesc, i),
                         (i == tupdesc->natts) ? " " : " |");
             elog (INFO, "EXECQ: %s", buf);

diff --git a/src/backend/parser/analyze.c b/src/backend/parser/analyze.c
index 7abb2abfd600f8133e5b67afdb65a21bfb0c9298..9896011df39571ee98a71c400b91c38f9cc3d9b5 100644 (file)
--- a/src/backend/parser/analyze.c
+++ b/src/backend/parser/analyze.c
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.246 2002/08/29 07:22:22 ishii Exp $
+ * $Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.247 2002/09/02 06:11:42 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -2153,7 +2153,7 @@ transformSetOperationTree(ParseState *pstate, SelectStmt *stmt)
        /*
         * Make the leaf query be a subquery in the top-level rangetable.
         */
-       snprintf(selectName, 32, "*SELECT* %d", length(pstate->p_rtable) + 1);
+       snprintf(selectName, sizeof(selectName), "*SELECT* %d", length(pstate->p_rtable) + 1);
        rte = addRangeTableEntryForSubquery(pstate,
                                            selectQuery,
                                            makeAlias(selectName, NIL),

diff --git a/src/backend/storage/file/fd.c b/src/backend/storage/file/fd.c
index a3b959fe8f832e632b1ed9b3ae31f35ee3a85642..83c97fb75503f528517aa13dc28ece463a9e8070 100644 (file)
--- a/src/backend/storage/file/fd.c
+++ b/src/backend/storage/file/fd.c
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/backend/storage/file/fd.c,v 1.94 2002/09/02 02:47:03 momjian Exp $
+ *   $Header: /cvsroot/pgsql/src/backend/storage/file/fd.c,v 1.95 2002/09/02 06:11:42 momjian Exp $
  *
  * NOTES:
  *
@@ -344,14 +344,14 @@ _dump_lru(void)
    Vfd        *vfdP = &VfdCache[mru];
    char        buf[2048];
 
-   sprintf(buf, "LRU: MOST %d ", mru);
+   snprintf(buf, sizeof(buf), "LRU: MOST %d ", mru);
    while (mru != 0)
    {
        mru = vfdP->lruLessRecently;
        vfdP = &VfdCache[mru];
-       sprintf(buf + strlen(buf), "%d ", mru);
+       snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%d ", mru);
    }
-   sprintf(buf + strlen(buf), "LEAST");
+   snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "LEAST");
    elog(LOG, buf);
 }
 #endif   /* FDDEBUG */

diff --git a/src/backend/utils/adt/ri_triggers.c b/src/backend/utils/adt/ri_triggers.c
index f50f240fc35a4e9cfdbe707bf80e34171740a413..f6d56d0d5537a9304f8cbb4f42db32ce58995000 100644 (file)
--- a/src/backend/utils/adt/ri_triggers.c
+++ b/src/backend/utils/adt/ri_triggers.c
@@ -17,7 +17,7 @@
  *
  * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
  *
- * $Header: /cvsroot/pgsql/src/backend/utils/adt/ri_triggers.c,v 1.40 2002/07/30 16:33:21 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/adt/ri_triggers.c,v 1.41 2002/09/02 06:11:42 momjian Exp $
  *
  * ----------
  */
@@ -262,7 +262,7 @@ RI_FKey_check(PG_FUNCTION_ARGS)
             * ----------
             */
            quoteRelationName(pkrelname, pk_rel);
-           sprintf(querystr, "SELECT 1 FROM ONLY %s x FOR UPDATE OF x",
+           snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x FOR UPDATE OF x",
                    pkrelname);
 
            /*
@@ -413,13 +413,13 @@ RI_FKey_check(PG_FUNCTION_ARGS)
         * ----------
         */
        quoteRelationName(pkrelname, pk_rel);
-       sprintf(querystr, "SELECT 1 FROM ONLY %s x", pkrelname);
+       snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", pkrelname);
        querysep = "WHERE";
        for (i = 0; i < qkey.nkeypairs; i++)
        {
            quoteOneName(attname,
                         tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_PK_IDX]);
-           sprintf(querystr + strlen(querystr), " %s %s = $%d",
+           snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                    querysep, attname, i+1);
            querysep = "AND";
            queryoids[i] = SPI_gettypeid(fk_rel->rd_att,
@@ -614,13 +614,13 @@ ri_Check_Pk_Match(Relation pk_rel, HeapTuple old_row, Oid tgoid, int match_type,
         * ----------
         */
        quoteRelationName(pkrelname, pk_rel);
-       sprintf(querystr, "SELECT 1 FROM ONLY %s x", pkrelname);
+       snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", pkrelname);
        querysep = "WHERE";
        for (i = 0; i < qkey.nkeypairs; i++)
        {
            quoteOneName(attname,
                         tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_PK_IDX]);
-           sprintf(querystr + strlen(querystr), " %s %s = $%d",
+           snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                    querysep, attname, i+1);
            querysep = "AND";
            queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -816,13 +816,13 @@ RI_FKey_noaction_del(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "SELECT 1 FROM ONLY %s x", fkrelname);
+               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", fkrelname);
                querysep = "WHERE";
                for (i = 0; i < qkey.nkeypairs; i++)
                {
                    quoteOneName(attname,
                                 tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                   sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                   snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                            querysep, attname, i+1);
                    querysep = "AND";
                    queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -1050,13 +1050,13 @@ RI_FKey_noaction_upd(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "SELECT 1 FROM ONLY %s x", fkrelname);
+               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", fkrelname);
                querysep = "WHERE";
                for (i = 0; i < qkey.nkeypairs; i++)
                {
                    quoteOneName(attname,
                                 tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                   sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                   snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                            querysep, attname, i+1);
                    querysep = "AND";
                    queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -1257,13 +1257,13 @@ RI_FKey_cascade_del(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "DELETE FROM ONLY %s", fkrelname);
+               snprintf(querystr, sizeof(querystr), "DELETE FROM ONLY %s", fkrelname);
                querysep = "WHERE";
                for (i = 0; i < qkey.nkeypairs; i++)
                {
                    quoteOneName(attname,
                                 tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                   sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                   snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                            querysep, attname, i+1);
                    querysep = "AND";
                    queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -1474,7 +1474,7 @@ RI_FKey_cascade_upd(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                qualstr[0] = '\0';
                querysep = "";
                qualsep = "WHERE";
@@ -1482,9 +1482,9 @@ RI_FKey_cascade_upd(PG_FUNCTION_ARGS)
                {
                    quoteOneName(attname,
                                 tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                   sprintf(querystr + strlen(querystr), "%s %s = $%d",
+                   snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = $%d",
                            querysep, attname, i+1);
-                   sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                   snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                            qualsep, attname, j+1);
                    querysep = ",";
                    qualsep = "AND";
@@ -1698,13 +1698,13 @@ RI_FKey_restrict_del(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "SELECT 1 FROM ONLY %s x", fkrelname);
+               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", fkrelname);
                querysep = "WHERE";
                for (i = 0; i < qkey.nkeypairs; i++)
                {
                    quoteOneName(attname,
                                 tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                   sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                   snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                            querysep, attname, i+1);
                    querysep = "AND";
                    queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -1926,13 +1926,13 @@ RI_FKey_restrict_upd(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "SELECT 1 FROM ONLY %s x", fkrelname);
+               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", fkrelname);
                querysep = "WHERE";
                for (i = 0; i < qkey.nkeypairs; i++)
                {
                    quoteOneName(attname,
                                 tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                   sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                   snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                            querysep, attname, i+1);
                    querysep = "AND";
                    queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -2140,7 +2140,7 @@ RI_FKey_setnull_del(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                qualstr[0] = '\0';
                querysep = "";
                qualsep = "WHERE";
@@ -2148,9 +2148,9 @@ RI_FKey_setnull_del(PG_FUNCTION_ARGS)
                {
                    quoteOneName(attname,
                                 tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                   sprintf(querystr + strlen(querystr), "%s %s = NULL",
+                   snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = NULL",
                            querysep, attname);
-                   sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                   snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                            qualsep, attname, i+1);
                    querysep = ",";
                    qualsep = "AND";
@@ -2384,7 +2384,7 @@ RI_FKey_setnull_upd(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                qualstr[0] = '\0';
                querysep = "";
                qualsep = "WHERE";
@@ -2400,11 +2400,11 @@ RI_FKey_setnull_upd(PG_FUNCTION_ARGS)
                      !ri_OneKeyEqual(pk_rel, i, old_row, new_row, &qkey,
                                      RI_KEYPAIR_PK_IDX))
                    {
-                       sprintf(querystr + strlen(querystr), "%s %s = NULL",
+                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = NULL",
                                querysep, attname);
                        querysep = ",";
                    }
-                   sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                   snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                            qualsep, attname, i+1);
                    qualsep = "AND";
                    queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -2616,7 +2616,7 @@ RI_FKey_setdefault_del(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                qualstr[0] = '\0';
                querysep = "";
                qualsep = "WHERE";
@@ -2624,9 +2624,9 @@ RI_FKey_setdefault_del(PG_FUNCTION_ARGS)
                {
                    quoteOneName(attname,
                                 tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                   sprintf(querystr + strlen(querystr), "%s %s = NULL",
+                   snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = NULL",
                            querysep, attname);
-                   sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                   snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                            qualsep, attname, i+1);
                    querysep = ",";
                    qualsep = "AND";
@@ -2885,7 +2885,7 @@ RI_FKey_setdefault_upd(PG_FUNCTION_ARGS)
                 * ----------
                 */
                quoteRelationName(fkrelname, fk_rel);
-               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                qualstr[0] = '\0';
                querysep = "";
                qualsep = "WHERE";
@@ -2901,11 +2901,11 @@ RI_FKey_setdefault_upd(PG_FUNCTION_ARGS)
                        !ri_OneKeyEqual(pk_rel, i, old_row,
                                      new_row, &qkey, RI_KEYPAIR_PK_IDX))
                    {
-                       sprintf(querystr + strlen(querystr), "%s %s = NULL",
+                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = NULL",
                                querysep, attname);
                        querysep = ",";
                    }
-                   sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                   snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                            qualsep, attname, i+1);
                    qualsep = "AND";
                    queryoids[i] = SPI_gettypeid(pk_rel->rd_att,

diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index d552f63a3a81b4a37e6e9e84580bc7f6605bc4fd..0e6500a707b8a649a8556b68c6088c8f351957c1 100644 (file)
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -22,7 +22,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.295 2002/08/29 00:17:05 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.296 2002/09/02 06:11:42 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -5706,7 +5706,7 @@ setMaxOid(Archive *fout)
    PQclear(res);
    if (g_verbose)
        write_msg(NULL, "maximum system oid is %u\n", max_oid);
-   snprintf(sql, 1024,
+   snprintf(sql, sizeof(sql),
             "CREATE TEMPORARY TABLE pgdump_oid (dummy integer);\n"
             "COPY pgdump_oid WITH OIDS FROM stdin;\n"
             "%u\t0\n"

diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
index 1311209f69de34440a4228dbada57dfba6881c36..000402216a9c4615ef0afbf5e7c123a1a4fbbb4f 100644 (file)
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -3,7 +3,7 @@
  *
  * Copyright 2000-2002 by PostgreSQL Global Development Group
  *
- * $Header: /cvsroot/pgsql/src/bin/psql/command.c,v 1.78 2002/08/14 05:49:22 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/bin/psql/command.c,v 1.79 2002/09/02 06:11:42 momjian Exp $
  */
 #include "postgres_fe.h"
 #include "command.h"
@@ -1549,7 +1549,7 @@ do_edit(const char *filename_arg, PQExpBuffer query_buf)
 #ifndef WIN32
        const char *tmpdirenv = getenv("TMPDIR");
 
-       sprintf(fnametmp, "%s/psql.edit.%ld.%ld",
+       snprintf(fnametmp, sizeof(fnametmp), "%s/psql.edit.%ld.%ld",
                tmpdirenv ? tmpdirenv : "/tmp",
                (long) geteuid(), (long) getpid());
 #else

diff --git a/src/interfaces/ecpg/preproc/pgc.l b/src/interfaces/ecpg/preproc/pgc.l
index 20f08b6182a1d592452c7f6f0c66d4d89a9d7ff9..d9d09d90f75821939c83c48c76a1204ccd831378 100644 (file)
--- a/src/interfaces/ecpg/preproc/pgc.l
+++ b/src/interfaces/ecpg/preproc/pgc.l
@@ -12,7 +12,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/interfaces/ecpg/preproc/pgc.l,v 1.98 2002/07/30 16:33:08 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/interfaces/ecpg/preproc/pgc.l,v 1.99 2002/09/02 06:11:42 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -405,7 +405,7 @@ cppline         {space}*#(.*\\{space})*.*
                            mmerror(PARSE_ERROR, ET_ERROR, "zero-length delimited identifier");
                        if (literallen >= NAMEDATALEN)
                        {
-                           sprintf(errortext, "identifier \"%s\" will be truncated to \"%.*s\"",
+                           snprintf(errortext, sizeof(errortext), "identifier \"%s\" will be truncated to \"%.*s\"",
                                    literalbuf, NAMEDATALEN-1, literalbuf);
                            literalbuf[NAMEDATALEN-1] = '\0';
                            mmerror(PARSE_ERROR, ET_WARNING, errortext);
@@ -831,7 +831,7 @@ cppline         {space}*#(.*\\{space})*.*
                                fprintf(stderr, "Error: Path %s/%s is too long in line %d, skipping.\n", ip->path, yytext, yylineno);
                                continue;
                            }
-                           sprintf (inc_file, "%s/%s", ip->path, yytext);
+                           snprintf (inc_file, sizeof(inc_file), "%s/%s", ip->path, yytext);
                            yyin = fopen( inc_file, "r" );
                            if (!yyin)
                            {
@@ -844,7 +844,7 @@ cppline         {space}*#(.*\\{space})*.*
                        }
                        if (!yyin)
                        {
-                           sprintf(errortext, "Cannot open include file %s in line %d\n", yytext, yylineno);
+                           snprintf(errortext, sizeof(errortext), "Cannot open include file %s in line %d\n", yytext, yylineno);
                            mmerror(NO_INCLUDE_FILE, ET_FATAL, errortext);
                        }
 

diff --git a/src/interfaces/ecpg/preproc/preproc.y b/src/interfaces/ecpg/preproc/preproc.y
index 008523350e1313051fe203425c1e72c6bf039a18..7069d5611d77a1f793eb58c444afa4eb29dc46df 100644 (file)
--- a/src/interfaces/ecpg/preproc/preproc.y
+++ b/src/interfaces/ecpg/preproc/preproc.y
@@ -1,4 +1,4 @@
-/* $Header: /cvsroot/pgsql/src/interfaces/ecpg/preproc/Attic/preproc.y,v 1.195 2002/07/21 11:09:41 meskes Exp $ */
+/* $Header: /cvsroot/pgsql/src/interfaces/ecpg/preproc/Attic/preproc.y,v 1.196 2002/09/02 06:11:43 momjian Exp $ */
 
 /* Copyright comment */
 %{
@@ -582,7 +582,7 @@ stmt:  AlterDatabaseSetStmt { output_statement($1, 0, connection); }
 
            if (ptr == NULL)
            {
-               sprintf(errortext, "trying to open undeclared cursor %s\n", $1);
+               snprintf(errortext, sizeof(errortext), "trying to open undeclared cursor %s\n", $1);
                mmerror(PARSE_ERROR, ET_ERROR, errortext);
            }
 
@@ -1119,7 +1119,7 @@ columnDef:    ColId Typename ColQualList opt_collate
        {
            if (strlen($4) > 0)
            {
-               sprintf(errortext, "Currently unsupported CREATE TABLE / COLLATE %s will be passed to backend", $4);
+               snprintf(errortext, sizeof(errortext), "Currently unsupported CREATE TABLE / COLLATE %s will be passed to backend", $4);
                mmerror(PARSE_ERROR, ET_WARNING, errortext);
            }
            $$ = cat_str(4, $1, $2, $3, $4);
@@ -2406,7 +2406,7 @@ CursorStmt:  DECLARE name opt_cursor CURSOR FOR SelectStmt
                if (strcmp($2, ptr->name) == 0)
                {
                        /* re-definition is a bug */
-                   sprintf(errortext, "cursor %s already defined", $2);
+                   snprintf(errortext, sizeof(errortext), "cursor %s already defined", $2);
                    mmerror(PARSE_ERROR, ET_ERROR, errortext);
                }
            }
@@ -3628,7 +3628,7 @@ connection_target: database_name opt_server opt_port
            /* old style: dbname[@server][:port] */
            if (strlen($2) > 0 && *($2) != '@')
            {
-               sprintf(errortext, "Expected '@', found '%s'", $2);
+               sprintf(errortext, sizeof(errortext), "Expected '@', found '%s'", $2);
                mmerror(PARSE_ERROR, ET_ERROR, errortext);
            }
 
@@ -3639,13 +3639,13 @@ connection_target: database_name opt_server opt_port
            /* new style: :postgresql://server[:port][/dbname] */
            if (strncmp($1, "unix:postgresql", strlen("unix:postgresql")) != 0 && strncmp($1, "tcp:postgresql", strlen("tcp:postgresql")) != 0)
            {
-               sprintf(errortext, "only protocols 'tcp' and 'unix' and database type 'postgresql' are supported");
+               snprintf(errortext, sizeof(errortext), "only protocols 'tcp' and 'unix' and database type 'postgresql' are supported");
                mmerror(PARSE_ERROR, ET_ERROR, errortext);
            }
 
            if (strncmp($3, "//", strlen("//")) != 0)
            {
-               sprintf(errortext, "Expected '://', found '%s'", $3);
+               snprintf(errortext, sizeof(errortext), "Expected '://', found '%s'", $3);
                mmerror(PARSE_ERROR, ET_ERROR, errortext);
            }
 
@@ -3653,7 +3653,7 @@ connection_target: database_name opt_server opt_port
                strncmp($3 + strlen("//"), "localhost", strlen("localhost")) != 0 &&
                strncmp($3 + strlen("//"), "127.0.0.1", strlen("127.0.0.1")) != 0)
            {
-               sprintf(errortext, "unix domain sockets only work on 'localhost' but not on '%9.9s'", $3 + strlen("//"));
+               snprintf(errortext, sizeof(errortext), "unix domain sockets only work on 'localhost' but not on '%9.9s'", $3 + strlen("//"));
                mmerror(PARSE_ERROR, ET_ERROR, errortext);
            }
 
@@ -3686,13 +3686,13 @@ db_prefix: ident CVARIABLE
        {
            if (strcmp($2, "postgresql") != 0 && strcmp($2, "postgres") != 0)
            {
-               sprintf(errortext, "Expected 'postgresql', found '%s'", $2);
+               snprintf(errortext, sizeof(errortext), "Expected 'postgresql', found '%s'", $2);
                mmerror(PARSE_ERROR, ET_ERROR, errortext);
            }
 
            if (strcmp($1, "tcp") != 0 && strcmp($1, "unix") != 0)
            {
-               sprintf(errortext, "Illegal connection type %s", $1);
+               snprintf(errortext, sizeof(errortext), "Illegal connection type %s", $1);
                mmerror(PARSE_ERROR, ET_ERROR, errortext);
            }
 
@@ -3704,7 +3704,7 @@ server: Op server_name
        {
            if (strcmp($1, "@") != 0 && strcmp($1, "//") != 0)
            {
-               sprintf(errortext, "Expected '@' or '://', found '%s'", $1);
+               snprintf(errortext, sizeof(errortext), "Expected '@' or '://', found '%s'", $1);
                mmerror(PARSE_ERROR, ET_ERROR, errortext);
            }
 
@@ -3806,7 +3806,7 @@ opt_options: Op ColId
 
            if (strcmp($1, "?") != 0)
            {
-               sprintf(errortext, "unrecognised token '%s'", $1);
+               snprintf(errortext, sizeof(errortext), "unrecognised token '%s'", $1);
                mmerror(PARSE_ERROR, ET_ERROR, errortext);
            }
 
@@ -3829,7 +3829,7 @@ ECPGCursorStmt:  DECLARE name opt_cursor CURSOR FOR ident
                if (strcmp($2, ptr->name) == 0)
                {
                        /* re-definition is a bug */
-                   sprintf(errortext, "cursor %s already defined", $2);
+                   snprintf(errortext, sizeof(errortext), "cursor %s already defined", $2);
                    mmerror(PARSE_ERROR, ET_ERROR, errortext);
                }
            }
@@ -3923,7 +3923,7 @@ type_declaration: S_TYPEDEF
                if (strcmp($5, ptr->name) == 0)
                {
                        /* re-definition is a bug */
-                   sprintf(errortext, "Type %s already defined", $5);
+                   snprintf(errortext, sizeof(errortext), "Type %s already defined", $5);
                    mmerror(PARSE_ERROR, ET_ERROR, errortext);
                }
            }
@@ -4528,7 +4528,7 @@ ECPGTypedef: TYPE_P
                    if (strcmp($3, ptr->name) == 0)
                    {
                        /* re-definition is a bug */
-                       sprintf(errortext, "Type %s already defined", $3);
+                       snprintf(errortext, sizeof(errortext), "Type %s already defined", $3);
                        mmerror(PARSE_ERROR, ET_ERROR, errortext);
                    }
                }

diff --git a/src/interfaces/ecpg/preproc/variable.c b/src/interfaces/ecpg/preproc/variable.c
index cee7ab3cf50fd39636545b69da72bfc632112d56..fd8b7c979433a5dd20d263f4a546fca6f0a9ac76 100644 (file)
--- a/src/interfaces/ecpg/preproc/variable.c
+++ b/src/interfaces/ecpg/preproc/variable.c
@@ -80,13 +80,13 @@ find_struct(char *name, char *next)
    {
        if (p->type->type != ECPGt_array)
        {
-           sprintf(errortext, "variable %s is not a pointer", name);
+           snprintf(errortext, sizeof(errortext), "variable %s is not a pointer", name);
            mmerror(PARSE_ERROR, ET_FATAL, errortext);
        }
 
        if (p->type->u.element->type != ECPGt_struct && p->type->u.element->type != ECPGt_union)
        {
-           sprintf(errortext, "variable %s is not a pointer to a structure or a union", name);
+           snprintf(errortext, sizeof(errortext), "variable %s is not a pointer to a structure or a union", name);
            mmerror(PARSE_ERROR, ET_FATAL, errortext);
        }
 
@@ -100,7 +100,7 @@ find_struct(char *name, char *next)
    {
        if (p->type->type != ECPGt_struct && p->type->type != ECPGt_union)
        {
-           sprintf(errortext, "variable %s is neither a structure nor a union", name);
+           snprintf(errortext, sizeof(errortext), "variable %s is neither a structure nor a union", name);
            mmerror(PARSE_ERROR, ET_FATAL, errortext);
        }
 
@@ -142,7 +142,7 @@ find_variable(char *name)
 
    if (p == NULL)
    {
-       sprintf(errortext, "The variable %s is not declared", name);
+       snprintf(errortext, sizeof(errortext), "The variable %s is not declared", name);
        mmerror(PARSE_ERROR, ET_FATAL, errortext);
    }
 
@@ -290,7 +290,7 @@ get_typedef(char *name)
    for (this = types; this && strcmp(this->name, name); this = this->next);
    if (!this)
    {
-       sprintf(errortext, "invalid datatype '%s'", name);
+       snprintf(errortext, sizeof(errortext), "invalid datatype '%s'", name);
        mmerror(PARSE_ERROR, ET_FATAL, errortext);
    }
 
@@ -320,7 +320,7 @@ adjust_array(enum ECPGttype type_enum, int *dimension, int *length, int type_dim
    }
    
    if (pointer_len>2)
-   {   sprintf(errortext, "No multilevel (more than 2) pointer supported %d",pointer_len);
+   {   snprintf(errortext, sizeof(errortext), "No multilevel (more than 2) pointer supported %d",pointer_len);
        mmerror(PARSE_ERROR, ET_FATAL, errortext);
 /*     mmerror(PARSE_ERROR, ET_FATAL, "No multilevel (more than 2) pointer supported %d",pointer_len);*/
    }

diff --git a/src/interfaces/libpgtcl/pgtclCmds.c b/src/interfaces/libpgtcl/pgtclCmds.c
index 0cb46686dc105af349a7f1f0fef3ee3a44a08596..901bcbfd32935156bf4fbed902eb37c1d0124d2d 100644 (file)
--- a/src/interfaces/libpgtcl/pgtclCmds.c
+++ b/src/interfaces/libpgtcl/pgtclCmds.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/interfaces/libpgtcl/Attic/pgtclCmds.c,v 1.64 2002/08/18 01:39:43 momjian Exp $
+ *   $Header: /cvsroot/pgsql/src/interfaces/libpgtcl/Attic/pgtclCmds.c,v 1.65 2002/09/02 06:11:43 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1579,7 +1579,8 @@ Pg_lo_import(ClientData cData, Tcl_Interp *interp, int argc, char *argv[])
    lobjId = lo_import(conn, filename);
    if (lobjId == InvalidOid)
    {
-       sprintf(interp->result, "Pg_lo_import of '%s' failed", filename);
+       /* What is the maximum size of this? FIXME if this is not a good quess */
+       snprintf(interp->result, 128, "Pg_lo_import of '%s' failed", filename);
        return TCL_ERROR;
    }
    sprintf(interp->result, "%u", lobjId);

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 317cf772a7583436fda73b911239ae3ff1f10eb1..dbca53c585010a52f9370f3b92fdf2e427bfdf2f 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *   $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.69 2002/08/29 03:22:01 tgl Exp $
+ *   $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.70 2002/09/02 06:11:43 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -142,7 +142,7 @@ pg_krb4_init()
    {
        char        tktbuf[MAXPGPATH];
 
-       (void) sprintf(tktbuf, "%s@%s", tkt_string(), realm);
+       (void) snprintf(tktbuf, sizeof(tktbuf), "%s@%s", tkt_string(), realm);
        krb_set_tkt_string(tktbuf);
    }
 }
@@ -618,13 +618,13 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
        case AUTH_REQ_PASSWORD:
            if (password == NULL || *password == '\0')
            {
-               (void) sprintf(PQerrormsg,
+               (void) snprintf(PQerrormsg, PQERRORMSG_LENGTH,
                               "fe_sendauth: no password supplied\n");
                return STATUS_ERROR;
            }
            if (pg_password_sendauth(conn, password, areq) != STATUS_OK)
            {
-               (void) sprintf(PQerrormsg,
+               (void) snprintf(PQerrormsg, PQERRORMSG_LENGTH,
                 "fe_sendauth: error sending password authentication\n");
                return STATUS_ERROR;
            }