intoasc(), a wrapper for PGTYPESinterval_to_asc that converts an interval to its textual representation, used a plain memcpy() when copying its result. This could miss a zero-termination in the result string, leading to an incorrect result.

The routines in informix.c do not provide the length of their result buffer, which would allow a replacement of strcpy() to safer strlcpy() calls, but this requires an ABI breakage and that cannot happen in back-branches.

Author: Oleg Tselebrovskiy
Reviewed-by: Ashutosh Bapat
Discussion: https://postgr.es/m/bf47888585149f83b276861a1662f7e4@postgrespro.ru
Backpatch-through: 12

compatlib
ecpglib
include
pgtypeslib
preproc
test
Makefile
README.dynSQL
meson.build

README.dynSQL
src/interfaces/ecpg/README.dynSQL

descriptor statements have the following shortcomings

- input descriptors (USING DESCRIPTOR <name>) are not supported

  Reason: to fully support dynamic SQL the frontend/backend communication
  should change to recognize input parameters.
  Since this is not likely to happen in the near future and you
  can cover the same functionality with the existing infrastructure
  (using s[n]printf), I'll leave the work to someone else.