From e77a1c58e338a1aebf00e3ae82d282f8bd32fe17 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Mon, 19 Feb 2024 11:38:18 +0900 Subject: ecpg: Fix zero-termination of string generated by intoasc() intoasc(), a wrapper for PGTYPESinterval_to_asc that converts an interval to its textual representation, used a plain memcpy() when copying its result. This could miss a zero-termination in the result string, leading to an incorrect result. The routines in informix.c do not provide the length of their result buffer, which would allow a replacement of strcpy() to safer strlcpy() calls, but this requires an ABI breakage and that cannot happen in back-branches. Author: Oleg Tselebrovskiy Reviewed-by: Ashutosh Bapat Discussion: https://postgr.es/m/bf47888585149f83b276861a1662f7e4@postgrespro.ru Backpatch-through: 12 --- src/interfaces/ecpg/compatlib/informix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/interfaces/ecpg/compatlib/informix.c') diff --git a/src/interfaces/ecpg/compatlib/informix.c b/src/interfaces/ecpg/compatlib/informix.c index dccf39582da..80d40aa3e09 100644 --- a/src/interfaces/ecpg/compatlib/informix.c +++ b/src/interfaces/ecpg/compatlib/informix.c @@ -654,7 +654,7 @@ intoasc(interval * i, char *str) if (!tmp) return -errno; - memcpy(str, tmp, strlen(tmp)); + strcpy(str, tmp); free(tmp); return 0; } -- cgit v1.2.3