mirror of https://github.com/postgres/postgres.git, synced 2026-03-14 22:53:49 -04:00
Replace atol with pg_strtoint32_safe in the backend parser and with strtoint in ECPG to reject overflows when parsing the number of a positional parameter. With atol from glibc, parameters $2147483648 and $4294967297 turn into $-2147483648 and $1, respectively.

Author: Erik Wienhold <ewie@ewie.name>
Reviewed-by: Michael Paquier <michael@paquier.xyz>
Reviewed-by: Peter Eisentraut <peter@eisentraut.org>
Reviewed-by: Alexander Lakhin <exclusion@gmail.com>
Discussion: https://www.postgresql.org/message-id/flat/5d216d1c-91f6-4cbe-95e2-b4cbd930520c@ewie.name
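The overflow the commit describes, as an added C example that is not PostgreSQL's own code: the old atol()-into-int path beside a range-checked strtol() path that rejects the same inputs pg_strtoint32_safe()/strtoint() would reject. The names param_number_atol and param_number_safe are assumed here, and the truncated values assume an LP64 glibc build where long is 64 bits.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdlib.h>

/* Before the fix: the atol() result narrowed into an int. On LP64 glibc
 * (64-bit long) atol() returns the full value, so the damage happens in
 * the conversion to int, which wraps modulo 2^32 on common compilers:
 * $2147483648 becomes $-2147483648 and $4294967297 becomes $1. */
static int
param_number_atol(const char *digits)
{
    return (int) atol(digits);      /* implementation-defined wrap, no error */
}

/* After the fix, in spirit: strtol() with an explicit range check, which
 * is the behaviour the commit gets from pg_strtoint32_safe()/strtoint().
 * Returns true and stores the value on success; false on overflow or on
 * anything that is not a plain decimal digit string. */
static bool
param_number_safe(const char *digits, int *out)
{
    char *end;
    long  val;

    errno = 0;
    val = strtol(digits, &end, 10);
    if (end == digits || *end != '\0')
        return false;               /* empty input or trailing junk */
    if (errno == ERANGE || val < 0 || val > INT_MAX)
        return false;               /* does not fit a non-negative int */
    *out = (int) val;
    return true;
}
```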
src/interfaces/ecpg/README.dynSQL
descriptor statements have the following shortcomings

- input descriptors (USING DESCRIPTOR <name>) are not supported

  Reason: to fully support dynamic SQL the frontend/backend communication
  should change to recognize input parameters.
  Since this is not likely to happen in the near future and you
  can cover the same functionality with the existing infrastructure
  (using s[n]printf), I'll leave the work to someone else.