ecpg: Fix off-by-one error in memory copying

In a rare case, one byte past the end of memory belonging to the
sqlca_t structure would be written to.

found by Coverity

diff --git a/src/interfaces/ecpg/ecpglib/misc.c b/src/interfaces/ecpg/ecpglib/misc.c
index 98e0597b03c8bd7d569a3ebf84ccc0629e956413..c29f933ef9c1afbee24ad5cb03e11e89c5002e54 100644 (file)
--- a/src/interfaces/ecpg/ecpglib/misc.c
+++ b/src/interfaces/ecpg/ecpglib/misc.c
@@ -530,7 +530,7 @@ ECPGset_var(int number, void *pointer, int lineno)
                struct sqlca_t *sqlca = ECPGget_sqlca();
 
                sqlca->sqlcode = ECPG_OUT_OF_MEMORY;
-               strncpy(sqlca->sqlstate, "YE001", sizeof("YE001"));
+               strncpy(sqlca->sqlstate, "YE001", sizeof(sqlca->sqlstate));
                snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), "out of memory on line %d", lineno);
                sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc);
                /* free all memory we have allocated for the user */