I checked all the previous string handling errors and most of them were

author Bruce Momjian <bruce@momjian.us>

Mon, 2 Sep 2002 06:11:43 +0000 (06:11 +0000)

committer Bruce Momjian <bruce@momjian.us>

Mon, 2 Sep 2002 06:11:43 +0000 (06:11 +0000)
author Bruce Momjian <bruce@momjian.us>
Mon, 2 Sep 2002 06:11:43 +0000 (06:11 +0000)
committer Bruce Momjian <bruce@momjian.us>
Mon, 2 Sep 2002 06:11:43 +0000 (06:11 +0000)
diff --git a/contrib/cube/cubeparse.y b/contrib/cube/cubeparse.y

index accad12511a11cc5418166393f953cc00ecb96b9..887528eb03dc2948ea94440cff625abc770be574 100644 (file)
--- a/contrib/cube/cubeparse.y
+++ b/contrib/cube/cubeparse.y
@@ -164,8 +164,9 @@ int cube_yyerror ( char *msg ) {
  
    position = parse_buffer_pos() > parse_buffer_size() ? parse_buffer_pos() - 1 : parse_buffer_pos();
  
-  sprintf(
+  snprintf(
           buf, 
+         256,
           "%s at or before position %d, character ('%c', \\%03o), input: '%s'\n", 
           msg,
           position,
diff --git a/contrib/intarray/_int.c b/contrib/intarray/_int.c

index 1c0de0bce80a59cc6cc8305b5532deeb0997a0d6..75ebf5d8dda899a0ae042bd79847079f80f102e1 100644 (file)
--- a/contrib/intarray/_int.c
+++ b/contrib/intarray/_int.c
@@ -22,6 +22,7 @@
  #include "utils/array.h"
  #include "utils/builtins.h"
  #include "storage/bufpage.h"
+#include "lib/stringinfo.h"
  
  /* number ranges for compression */
  #define MAXNUMRANGE 100
@@ -99,20 +100,19 @@ typedef char *BITVECP;
  static void
  printarr(ArrayType *a, int num)
  {
-       char            bbb[16384];
+       StringInfoData  bbb;
         char       *cur;
         int                     l;
         int                *d;
  
         d = ARRPTR(a);
-       *bbb = '\0';
-       cur = bbb;
+       initStringInfo(&bbb);
         for (l = 0; l < min(num, ARRNELEMS(a)); l++)
         {
-               sprintf(cur, "%d ", d[l]);
-               cur = strchr(cur, '\0');
+               appendStringInfo(&bbb, "%d ", d[l]);
         }
-       elog(DEBUG3, "\t\t%s", bbb);
+       elog(DEBUG3, "\t\t%s", bbb.data);
+       pfree(bbb.data);
  }
  static void
  printbitvec(BITVEC bv)
@@ -1924,7 +1924,7 @@ bqarr_in(PG_FUNCTION_ARGS) {
         NODE *tmp;
         int4 pos=0;
  #ifdef BS_DEBUG
-       char pbuf[16384],*cur;
+       StringInfoData  pbuf;
  #endif
  
         state.buf = buf;
@@ -1955,16 +1955,15 @@ bqarr_in(PG_FUNCTION_ARGS) {
         pos = query->size-1;
         findoprnd( ptr, &pos );
  #ifdef BS_DEBUG
-       cur = pbuf;
-       *cur = '\0';
+       initStringInfo(&pbuf);
         for( i=0;i<query->size;i++ ) {
                 if ( ptr[i].type == OPR )
-                       sprintf(cur, "%c(%d) ", ptr[i].val, ptr[i].left);
+                       appendStringInfo(&pbuf, "%c(%d) ", ptr[i].val, ptr[i].left);
                 else
-                       sprintf(cur, "%d ", ptr[i].val );
-               cur = strchr(cur,'\0');
+                       appendStringInfo(&pbuf, "%d ", ptr[i].val );
         }
-       elog(DEBUG3,"POR: %s", pbuf);
+       elog(DEBUG3,"POR: %s", pbuf.data);
+       pfree(pbuf.data);
  #endif
  
         PG_RETURN_POINTER( query );
diff --git a/contrib/seg/segparse.y b/contrib/seg/segparse.y

index 10a4227c19044710c7a31984d81fd0348ec526af..3ffcbff4170444953100c5dda63b7bef7dc795fe 100644 (file)
--- a/contrib/seg/segparse.y
+++ b/contrib/seg/segparse.y
@@ -144,7 +144,7 @@ float seg_atof ( char *value ) {
    sscanf(value, "%f", &result);
  
    if ( errno ) {
-    sprintf(buf, "numeric value %s unrepresentable", value);
+    snprintf(buf, 256, "numeric value %s unrepresentable", value);
      reset_parse_buffer();     
      elog(ERROR, buf);
    }
@@ -165,8 +165,9 @@ int seg_yyerror ( char *msg ) {
  
    position = parse_buffer_pos() > parse_buffer_size() ? parse_buffer_pos() - 1 : parse_buffer_pos();
  
-  sprintf(
+  snprintf(
           buf, 
+         256,
           "%s at or near position %d, character ('%c', \\%03o), input: '%s'\n", 
           msg,
           position,
diff --git a/contrib/spi/refint.c b/contrib/spi/refint.c

index 6355763f94874c634fb88695960895c5031e34f4..e1688c98a19d11315843e93176941f748f4528f6 100644 (file)
--- a/contrib/spi/refint.c
+++ b/contrib/spi/refint.c
@@ -112,7 +112,7 @@ check_primary_key(PG_FUNCTION_ARGS)
          * Construct ident string as TriggerName $ TriggeredRelationId and try
          * to find prepared execution plan.
          */
-       snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
+       snprintf(ident, sizeof(ident), "%s$%u", trigger->tgname, rel->rd_id);
         plan = find_plan(ident, &PPlans, &nPPlans);
  
         /* if there is no plan then allocate argtypes for preparation */
@@ -160,10 +160,10 @@ check_primary_key(PG_FUNCTION_ARGS)
                  * Construct query: SELECT 1 FROM _referenced_relation_ WHERE
                  * Pkey1 = $1 [AND Pkey2 = $2 [...]]
                  */
-               snprintf(sql, 8192, "select 1 from %s where ", relname);
+               snprintf(sql, sizeof(sql), "select 1 from %s where ", relname);
                 for (i = 0; i < nkeys; i++)
                 {
-                       snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s",
+                       snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s",
                           args[i + nkeys + 1], i + 1, (i < nkeys - 1) ? "and " : "");
                 }
  
@@ -320,7 +320,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
          * Construct ident string as TriggerName $ TriggeredRelationId and try
          * to find prepared execution plan(s).
          */
-       snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
+       snprintf(ident, sizeof(ident), "%s$%u", trigger->tgname, rel->rd_id);
         plan = find_plan(ident, &FPlans, &nFPlans);
  
         /* if there is no plan(s) then allocate argtypes for preparation */
@@ -411,7 +411,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
                          */
                         if (action == 'r')
  
-                               snprintf(sql, 8192, "select 1 from %s where ", relname);
+                               snprintf(sql, sizeof(sql), "select 1 from %s where ", relname);
  
                         /*---------
                          * For 'C'ascade action we construct DELETE query
@@ -438,7 +438,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
                                         char       *nv;
                                         int                     k;
  
-                                       snprintf(sql, 8192, "update %s set ", relname);
+                                       snprintf(sql, sizeof(sql), "update %s set ", relname);
                                         for (k = 1; k <= nkeys; k++)
                                         {
                                                 int                     is_char_type = 0;
@@ -461,7 +461,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
                                                  * is_char_type =1 i set ' ' for define a new
                                                  * value
                                                  */
-                                               snprintf(sql + strlen(sql), 8192 - strlen(sql),
+                                               snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql),
                                                                 " %s = %s%s%s %s ",
                                                                 args2[k], (is_char_type > 0) ? "'" : "",
                                                                 nv, (is_char_type > 0) ? "'" : "", (k < nkeys) ? ", " : "");
@@ -472,7 +472,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
                                 }
                                 else
  /* DELETE */
-                                       snprintf(sql, 8192, "delete from %s where ", relname);
+                                       snprintf(sql, sizeof(sql), "delete from %s where ", relname);
  
                         }
  
@@ -484,10 +484,10 @@ check_foreign_key(PG_FUNCTION_ARGS)
                          */
                         else if (action == 's')
                         {
-                               snprintf(sql, 8192, "update %s set ", relname);
+                               snprintf(sql, sizeof(sql), "update %s set ", relname);
                                 for (i = 1; i <= nkeys; i++)
                                 {
-                                       snprintf(sql + strlen(sql), 8192 - strlen(sql),
+                                       snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql),
                                                         "%s = null%s",
                                                         args2[i], (i < nkeys) ? ", " : "");
                                 }
@@ -497,7 +497,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
                         /* Construct WHERE qual */
                         for (i = 1; i <= nkeys; i++)
                         {
-                               snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s",
+                               snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s",
                                                 args2[i], i, (i < nkeys) ? "and " : "");
                         }
  
@@ -547,7 +547,7 @@ check_foreign_key(PG_FUNCTION_ARGS)
  
                 relname = args[0];
  
-               snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
+               snprintf(ident, sizeof(ident), "%s$%u", trigger->tgname, rel->rd_id);
                 plan = find_plan(ident, &FPlans, &nFPlans);
                 ret = SPI_execp(plan->splan[r], kvals, NULL, tcount);
                 /* we have no NULLs - so we pass   ^^^^  here */
diff --git a/contrib/spi/timetravel.c b/contrib/spi/timetravel.c

index 7bd30c109f9e5eeb18f5a36fe56eef16e5a6ba3e..771e9248b89e2db4d9f6917eb835d5d611c5763d 100644 (file)
--- a/contrib/spi/timetravel.c
+++ b/contrib/spi/timetravel.c
@@ -250,7 +250,7 @@ timetravel(PG_FUNCTION_ARGS)
          * Construct ident string as TriggerName $ TriggeredRelationId and try
          * to find prepared execution plan.
          */
-       snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id);
+       snprintf(ident, sizeof(ident), "%s$%u", trigger->tgname, rel->rd_id);
         plan = find_plan(ident, &Plans, &nPlans);
  
         /* if there is no plan ... */
@@ -266,10 +266,10 @@ timetravel(PG_FUNCTION_ARGS)
                 /*
                  * Construct query: INSERT INTO _relation_ VALUES ($1, ...)
                  */
-               snprintf(sql, 8192, "INSERT INTO %s VALUES (", relname);
+               snprintf(sql, sizeof(sql), "INSERT INTO %s VALUES (", relname);
                 for (i = 1; i <= natts; i++)
                 {
-                       snprintf(sql + strlen(sql), 8192 - strlen(sql), "$%d%s",
+                       snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "$%d%s",
                                         i, (i < natts) ? ", " : ")");
                         ctypes[i - 1] = SPI_gettypeid(tupdesc, i);
                 }
diff --git a/doc/src/sgml/spi.sgml b/doc/src/sgml/spi.sgml

index ca6d62e1ae16eeb25698515575a52e04cf5688a9..e25c2a259cc0250f2b7cd3aca77f43559acce994 100644 (file)
--- a/doc/src/sgml/spi.sgml
+++ b/doc/src/sgml/spi.sgml
@@ -1,5 +1,5 @@
  <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/spi.sgml,v 1.22 2002/03/22 19:20:30 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/spi.sgml,v 1.23 2002/09/02 06:11:42 momjian Exp $
  -->
  
  <Chapter id="spi">
@@ -3815,7 +3815,7 @@ execq(text *sql, int cnt)
              HeapTuple tuple = tuptable->vals[j];
              
              for (i = 1, buf[0] = 0; i <= tupdesc->natts; i++)
-                sprintf(buf + strlen (buf), " %s%s",
+                snprintf(buf + strlen (buf), sizeof(buf) - strlen(buf)," %s%s",
                          SPI_getvalue(tuple, tupdesc, i),
                          (i == tupdesc->natts) ? " " : " |");
              elog (INFO, "EXECQ: %s", buf);
diff --git a/src/backend/parser/analyze.c b/src/backend/parser/analyze.c

index 7abb2abfd600f8133e5b67afdb65a21bfb0c9298..9896011df39571ee98a71c400b91c38f9cc3d9b5 100644 (file)
--- a/src/backend/parser/analyze.c
+++ b/src/backend/parser/analyze.c
@@ -6,7 +6,7 @@
   * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
   * Portions Copyright (c) 1994, Regents of the University of California
   *
- *     $Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.246 2002/08/29 07:22:22 ishii Exp $
+ *     $Header: /cvsroot/pgsql/src/backend/parser/analyze.c,v 1.247 2002/09/02 06:11:42 momjian Exp $
   *
   *-------------------------------------------------------------------------
   */
@@ -2153,7 +2153,7 @@ transformSetOperationTree(ParseState *pstate, SelectStmt *stmt)
                 /*
                  * Make the leaf query be a subquery in the top-level rangetable.
                  */
-               snprintf(selectName, 32, "*SELECT* %d", length(pstate->p_rtable) + 1);
+               snprintf(selectName, sizeof(selectName), "*SELECT* %d", length(pstate->p_rtable) + 1);
                 rte = addRangeTableEntryForSubquery(pstate,
                                                                                         selectQuery,
                                                                                         makeAlias(selectName, NIL),
diff --git a/src/backend/storage/file/fd.c b/src/backend/storage/file/fd.c

index a3b959fe8f832e632b1ed9b3ae31f35ee3a85642..83c97fb75503f528517aa13dc28ece463a9e8070 100644 (file)
--- a/src/backend/storage/file/fd.c
+++ b/src/backend/storage/file/fd.c
@@ -7,7 +7,7 @@
   * Portions Copyright (c) 1994, Regents of the University of California
   *
   * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/storage/file/fd.c,v 1.94 2002/09/02 02:47:03 momjian Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/storage/file/fd.c,v 1.95 2002/09/02 06:11:42 momjian Exp $
   *
   * NOTES:
   *
@@ -344,14 +344,14 @@ _dump_lru(void)
         Vfd                *vfdP = &VfdCache[mru];
         char            buf[2048];
  
-       sprintf(buf, "LRU: MOST %d ", mru);
+       snprintf(buf, sizeof(buf), "LRU: MOST %d ", mru);
         while (mru != 0)
         {
                 mru = vfdP->lruLessRecently;
                 vfdP = &VfdCache[mru];
-               sprintf(buf + strlen(buf), "%d ", mru);
+               snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%d ", mru);
         }
-       sprintf(buf + strlen(buf), "LEAST");
+       snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "LEAST");
         elog(LOG, buf);
  }
  #endif   /* FDDEBUG */
diff --git a/src/backend/utils/adt/ri_triggers.c b/src/backend/utils/adt/ri_triggers.c

index f50f240fc35a4e9cfdbe707bf80e34171740a413..f6d56d0d5537a9304f8cbb4f42db32ce58995000 100644 (file)
--- a/src/backend/utils/adt/ri_triggers.c
+++ b/src/backend/utils/adt/ri_triggers.c
@@ -17,7 +17,7 @@
   *
   * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
   *
- * $Header: /cvsroot/pgsql/src/backend/utils/adt/ri_triggers.c,v 1.40 2002/07/30 16:33:21 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/adt/ri_triggers.c,v 1.41 2002/09/02 06:11:42 momjian Exp $
   *
   * ----------
   */
@@ -262,7 +262,7 @@ RI_FKey_check(PG_FUNCTION_ARGS)
                          * ----------
                          */
                         quoteRelationName(pkrelname, pk_rel);
-                       sprintf(querystr, "SELECT 1 FROM ONLY %s x FOR UPDATE OF x",
+                       snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x FOR UPDATE OF x",
                                         pkrelname);
  
                         /*
@@ -413,13 +413,13 @@ RI_FKey_check(PG_FUNCTION_ARGS)
                  * ----------
                  */
                 quoteRelationName(pkrelname, pk_rel);
-               sprintf(querystr, "SELECT 1 FROM ONLY %s x", pkrelname);
+               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", pkrelname);
                 querysep = "WHERE";
                 for (i = 0; i < qkey.nkeypairs; i++)
                 {
                         quoteOneName(attname,
                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_PK_IDX]);
-                       sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                                         querysep, attname, i+1);
                         querysep = "AND";
                         queryoids[i] = SPI_gettypeid(fk_rel->rd_att,
@@ -614,13 +614,13 @@ ri_Check_Pk_Match(Relation pk_rel, HeapTuple old_row, Oid tgoid, int match_type,
                  * ----------
                  */
                 quoteRelationName(pkrelname, pk_rel);
-               sprintf(querystr, "SELECT 1 FROM ONLY %s x", pkrelname);
+               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", pkrelname);
                 querysep = "WHERE";
                 for (i = 0; i < qkey.nkeypairs; i++)
                 {
                         quoteOneName(attname,
                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_PK_IDX]);
-                       sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                                         querysep, attname, i+1);
                         querysep = "AND";
                         queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -816,13 +816,13 @@ RI_FKey_noaction_del(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "SELECT 1 FROM ONLY %s x", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", fkrelname);
                                 querysep = "WHERE";
                                 for (i = 0; i < qkey.nkeypairs; i++)
                                 {
                                         quoteOneName(attname,
                                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                                       sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                                                         querysep, attname, i+1);
                                         querysep = "AND";
                                         queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -1050,13 +1050,13 @@ RI_FKey_noaction_upd(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "SELECT 1 FROM ONLY %s x", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", fkrelname);
                                 querysep = "WHERE";
                                 for (i = 0; i < qkey.nkeypairs; i++)
                                 {
                                         quoteOneName(attname,
                                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                                       sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                                                         querysep, attname, i+1);
                                         querysep = "AND";
                                         queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -1257,13 +1257,13 @@ RI_FKey_cascade_del(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "DELETE FROM ONLY %s", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "DELETE FROM ONLY %s", fkrelname);
                                 querysep = "WHERE";
                                 for (i = 0; i < qkey.nkeypairs; i++)
                                 {
                                         quoteOneName(attname,
                                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                                       sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                                                         querysep, attname, i+1);
                                         querysep = "AND";
                                         queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -1474,7 +1474,7 @@ RI_FKey_cascade_upd(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                                 qualstr[0] = '\0';
                                 querysep = "";
                                 qualsep = "WHERE";
@@ -1482,9 +1482,9 @@ RI_FKey_cascade_upd(PG_FUNCTION_ARGS)
                                 {
                                         quoteOneName(attname,
                                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                                       sprintf(querystr + strlen(querystr), "%s %s = $%d",
+                                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = $%d",
                                                         querysep, attname, i+1);
-                                       sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                                       snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                                                         qualsep, attname, j+1);
                                         querysep = ",";
                                         qualsep = "AND";
@@ -1698,13 +1698,13 @@ RI_FKey_restrict_del(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "SELECT 1 FROM ONLY %s x", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", fkrelname);
                                 querysep = "WHERE";
                                 for (i = 0; i < qkey.nkeypairs; i++)
                                 {
                                         quoteOneName(attname,
                                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                                       sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                                                         querysep, attname, i+1);
                                         querysep = "AND";
                                         queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -1926,13 +1926,13 @@ RI_FKey_restrict_upd(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "SELECT 1 FROM ONLY %s x", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "SELECT 1 FROM ONLY %s x", fkrelname);
                                 querysep = "WHERE";
                                 for (i = 0; i < qkey.nkeypairs; i++)
                                 {
                                         quoteOneName(attname,
                                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                                       sprintf(querystr + strlen(querystr), " %s %s = $%d",
+                                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), " %s %s = $%d",
                                                         querysep, attname, i+1);
                                         querysep = "AND";
                                         queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -2140,7 +2140,7 @@ RI_FKey_setnull_del(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                                 qualstr[0] = '\0';
                                 querysep = "";
                                 qualsep = "WHERE";
@@ -2148,9 +2148,9 @@ RI_FKey_setnull_del(PG_FUNCTION_ARGS)
                                 {
                                         quoteOneName(attname,
                                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                                       sprintf(querystr + strlen(querystr), "%s %s = NULL",
+                                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = NULL",
                                                         querysep, attname);
-                                       sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                                       snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                                                         qualsep, attname, i+1);
                                         querysep = ",";
                                         qualsep = "AND";
@@ -2384,7 +2384,7 @@ RI_FKey_setnull_upd(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                                 qualstr[0] = '\0';
                                 querysep = "";
                                 qualsep = "WHERE";
@@ -2400,11 +2400,11 @@ RI_FKey_setnull_upd(PG_FUNCTION_ARGS)
                                           !ri_OneKeyEqual(pk_rel, i, old_row, new_row, &qkey,
                                                                           RI_KEYPAIR_PK_IDX))
                                         {
-                                               sprintf(querystr + strlen(querystr), "%s %s = NULL",
+                                               snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = NULL",
                                                                 querysep, attname);
                                                 querysep = ",";
                                         }
-                                       sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                                       snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                                                         qualsep, attname, i+1);
                                         qualsep = "AND";
                                         queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
@@ -2616,7 +2616,7 @@ RI_FKey_setdefault_del(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                                 qualstr[0] = '\0';
                                 querysep = "";
                                 qualsep = "WHERE";
@@ -2624,9 +2624,9 @@ RI_FKey_setdefault_del(PG_FUNCTION_ARGS)
                                 {
                                         quoteOneName(attname,
                                                                  tgargs[RI_FIRST_ATTNAME_ARGNO + i * 2 + RI_KEYPAIR_FK_IDX]);
-                                       sprintf(querystr + strlen(querystr), "%s %s = NULL",
+                                       snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = NULL",
                                                         querysep, attname);
-                                       sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                                       snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                                                         qualsep, attname, i+1);
                                         querysep = ",";
                                         qualsep = "AND";
@@ -2885,7 +2885,7 @@ RI_FKey_setdefault_upd(PG_FUNCTION_ARGS)
                                  * ----------
                                  */
                                 quoteRelationName(fkrelname, fk_rel);
-                               sprintf(querystr, "UPDATE ONLY %s SET", fkrelname);
+                               snprintf(querystr, sizeof(querystr), "UPDATE ONLY %s SET", fkrelname);
                                 qualstr[0] = '\0';
                                 querysep = "";
                                 qualsep = "WHERE";
@@ -2901,11 +2901,11 @@ RI_FKey_setdefault_upd(PG_FUNCTION_ARGS)
                                                 !ri_OneKeyEqual(pk_rel, i, old_row,
                                                                           new_row, &qkey, RI_KEYPAIR_PK_IDX))
                                         {
-                                               sprintf(querystr + strlen(querystr), "%s %s = NULL",
+                                               snprintf(querystr + strlen(querystr), sizeof(querystr) - strlen(querystr), "%s %s = NULL",
                                                                 querysep, attname);
                                                 querysep = ",";
                                         }
-                                       sprintf(qualstr + strlen(qualstr), " %s %s = $%d",
+                                       snprintf(qualstr + strlen(qualstr), sizeof(qualstr) - strlen(qualstr), " %s %s = $%d",
                                                         qualsep, attname, i+1);
                                         qualsep = "AND";
                                         queryoids[i] = SPI_gettypeid(pk_rel->rd_att,
diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c

index d552f63a3a81b4a37e6e9e84580bc7f6605bc4fd..0e6500a707b8a649a8556b68c6088c8f351957c1 100644 (file)
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -22,7 +22,7 @@
   *
   *
   * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.295 2002/08/29 00:17:05 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_dump.c,v 1.296 2002/09/02 06:11:42 momjian Exp $
   *
   *-------------------------------------------------------------------------
   */
@@ -5706,7 +5706,7 @@ setMaxOid(Archive *fout)
         PQclear(res);
         if (g_verbose)
                 write_msg(NULL, "maximum system oid is %u\n", max_oid);
-       snprintf(sql, 1024,
+       snprintf(sql, sizeof(sql),
                          "CREATE TEMPORARY TABLE pgdump_oid (dummy integer);\n"
                          "COPY pgdump_oid WITH OIDS FROM stdin;\n"
                          "%u\t0\n"
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c

index 1311209f69de34440a4228dbada57dfba6881c36..000402216a9c4615ef0afbf5e7c123a1a4fbbb4f 100644 (file)
--- a/src/bin/psql/command.c
+++ b/src/bin/psql/command.c
@@ -3,7 +3,7 @@
   *
   * Copyright 2000-2002 by PostgreSQL Global Development Group
   *
- * $Header: /cvsroot/pgsql/src/bin/psql/command.c,v 1.78 2002/08/14 05:49:22 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/bin/psql/command.c,v 1.79 2002/09/02 06:11:42 momjian Exp $
   */
  #include "postgres_fe.h"
  #include "command.h"
@@ -1549,7 +1549,7 @@ do_edit(const char *filename_arg, PQExpBuffer query_buf)
  #ifndef WIN32
                 const char *tmpdirenv = getenv("TMPDIR");
  
-               sprintf(fnametmp, "%s/psql.edit.%ld.%ld",
+               snprintf(fnametmp, sizeof(fnametmp), "%s/psql.edit.%ld.%ld",
                                 tmpdirenv ? tmpdirenv : "/tmp",
                                 (long) geteuid(), (long) getpid());
  #else
diff --git a/src/interfaces/ecpg/preproc/pgc.l b/src/interfaces/ecpg/preproc/pgc.l

index 20f08b6182a1d592452c7f6f0c66d4d89a9d7ff9..d9d09d90f75821939c83c48c76a1204ccd831378 100644 (file)
--- a/src/interfaces/ecpg/preproc/pgc.l
+++ b/src/interfaces/ecpg/preproc/pgc.l
@@ -12,7 +12,7 @@
   *
   *
   * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/interfaces/ecpg/preproc/pgc.l,v 1.98 2002/07/30 16:33:08 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/interfaces/ecpg/preproc/pgc.l,v 1.99 2002/09/02 06:11:42 momjian Exp $
   *
   *-------------------------------------------------------------------------
   */
@@ -405,7 +405,7 @@ cppline                     {space}*#(.*\\{space})*.*
                                                         mmerror(PARSE_ERROR, ET_ERROR, "zero-length delimited identifier");
                                                 if (literallen >= NAMEDATALEN)
                                                 {
-                                                       sprintf(errortext, "identifier \"%s\" will be truncated to \"%.*s\"",
+                                                       snprintf(errortext, sizeof(errortext), "identifier \"%s\" will be truncated to \"%.*s\"",
                                                                         literalbuf, NAMEDATALEN-1, literalbuf);
                                                         literalbuf[NAMEDATALEN-1] = '\0';
                                                         mmerror(PARSE_ERROR, ET_WARNING, errortext);
@@ -831,7 +831,7 @@ cppline                     {space}*#(.*\\{space})*.*
                                                                 fprintf(stderr, "Error: Path %s/%s is too long in line %d, skipping.\n", ip->path, yytext, yylineno);
                                                                 continue;
                                                         }
-                                                       sprintf (inc_file, "%s/%s", ip->path, yytext);
+                                                       snprintf (inc_file, sizeof(inc_file), "%s/%s", ip->path, yytext);
                                                         yyin = fopen( inc_file, "r" );
                                                         if (!yyin)
                                                         {
@@ -844,7 +844,7 @@ cppline                     {space}*#(.*\\{space})*.*
                                                 }
                                                 if (!yyin)
                                                 {
-                                                       sprintf(errortext, "Cannot open include file %s in line %d\n", yytext, yylineno);
+                                                       snprintf(errortext, sizeof(errortext), "Cannot open include file %s in line %d\n", yytext, yylineno);
                                                         mmerror(NO_INCLUDE_FILE, ET_FATAL, errortext);
                                                 }
  
diff --git a/src/interfaces/ecpg/preproc/preproc.y b/src/interfaces/ecpg/preproc/preproc.y

index 008523350e1313051fe203425c1e72c6bf039a18..7069d5611d77a1f793eb58c444afa4eb29dc46df 100644 (file)
--- a/src/interfaces/ecpg/preproc/preproc.y
+++ b/src/interfaces/ecpg/preproc/preproc.y
@@ -1,4 +1,4 @@
-/* $Header: /cvsroot/pgsql/src/interfaces/ecpg/preproc/Attic/preproc.y,v 1.195 2002/07/21 11:09:41 meskes Exp $ */
+/* $Header: /cvsroot/pgsql/src/interfaces/ecpg/preproc/Attic/preproc.y,v 1.196 2002/09/02 06:11:43 momjian Exp $ */
  
  /* Copyright comment */
  %{
@@ -582,7 +582,7 @@ stmt:  AlterDatabaseSetStmt { output_statement($1, 0, connection); }
  
                         if (ptr == NULL)
                         {
-                               sprintf(errortext, "trying to open undeclared cursor %s\n", $1);
+                               snprintf(errortext, sizeof(errortext), "trying to open undeclared cursor %s\n", $1);
                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                         }
  
@@ -1119,7 +1119,7 @@ columnDef:        ColId Typename ColQualList opt_collate
                 {
                         if (strlen($4) > 0)
                         {
-                               sprintf(errortext, "Currently unsupported CREATE TABLE / COLLATE %s will be passed to backend", $4);
+                               snprintf(errortext, sizeof(errortext), "Currently unsupported CREATE TABLE / COLLATE %s will be passed to backend", $4);
                                 mmerror(PARSE_ERROR, ET_WARNING, errortext);
                         }
                         $$ = cat_str(4, $1, $2, $3, $4);
@@ -2406,7 +2406,7 @@ CursorStmt:  DECLARE name opt_cursor CURSOR FOR SelectStmt
                                 if (strcmp($2, ptr->name) == 0)
                                 {
                                                 /* re-definition is a bug */
-                                       sprintf(errortext, "cursor %s already defined", $2);
+                                       snprintf(errortext, sizeof(errortext), "cursor %s already defined", $2);
                                         mmerror(PARSE_ERROR, ET_ERROR, errortext);
                                 }
                         }
@@ -3628,7 +3628,7 @@ connection_target: database_name opt_server opt_port
                         /* old style: dbname[@server][:port] */
                         if (strlen($2) > 0 && *($2) != '@')
                         {
-                               sprintf(errortext, "Expected '@', found '%s'", $2);
+                               sprintf(errortext, sizeof(errortext), "Expected '@', found '%s'", $2);
                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                         }
  
@@ -3639,13 +3639,13 @@ connection_target: database_name opt_server opt_port
                         /* new style: <tcp|unix>:postgresql://server[:port][/dbname] */
                         if (strncmp($1, "unix:postgresql", strlen("unix:postgresql")) != 0 && strncmp($1, "tcp:postgresql", strlen("tcp:postgresql")) != 0)
                         {
-                               sprintf(errortext, "only protocols 'tcp' and 'unix' and database type 'postgresql' are supported");
+                               snprintf(errortext, sizeof(errortext), "only protocols 'tcp' and 'unix' and database type 'postgresql' are supported");
                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                         }
  
                         if (strncmp($3, "//", strlen("//")) != 0)
                         {
-                               sprintf(errortext, "Expected '://', found '%s'", $3);
+                               snprintf(errortext, sizeof(errortext), "Expected '://', found '%s'", $3);
                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                         }
  
@@ -3653,7 +3653,7 @@ connection_target: database_name opt_server opt_port
                                 strncmp($3 + strlen("//"), "localhost", strlen("localhost")) != 0 &&
                                 strncmp($3 + strlen("//"), "127.0.0.1", strlen("127.0.0.1")) != 0)
                         {
-                               sprintf(errortext, "unix domain sockets only work on 'localhost' but not on '%9.9s'", $3 + strlen("//"));
+                               snprintf(errortext, sizeof(errortext), "unix domain sockets only work on 'localhost' but not on '%9.9s'", $3 + strlen("//"));
                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                         }
  
@@ -3686,13 +3686,13 @@ db_prefix: ident CVARIABLE
                 {
                         if (strcmp($2, "postgresql") != 0 && strcmp($2, "postgres") != 0)
                         {
-                               sprintf(errortext, "Expected 'postgresql', found '%s'", $2);
+                               snprintf(errortext, sizeof(errortext), "Expected 'postgresql', found '%s'", $2);
                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                         }
  
                         if (strcmp($1, "tcp") != 0 && strcmp($1, "unix") != 0)
                         {
-                               sprintf(errortext, "Illegal connection type %s", $1);
+                               snprintf(errortext, sizeof(errortext), "Illegal connection type %s", $1);
                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                         }
  
@@ -3704,7 +3704,7 @@ server: Op server_name
                 {
                         if (strcmp($1, "@") != 0 && strcmp($1, "//") != 0)
                         {
-                               sprintf(errortext, "Expected '@' or '://', found '%s'", $1);
+                               snprintf(errortext, sizeof(errortext), "Expected '@' or '://', found '%s'", $1);
                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                         }
  
@@ -3806,7 +3806,7 @@ opt_options: Op ColId
  
                         if (strcmp($1, "?") != 0)
                         {
-                               sprintf(errortext, "unrecognised token '%s'", $1);
+                               snprintf(errortext, sizeof(errortext), "unrecognised token '%s'", $1);
                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                         }
  
@@ -3829,7 +3829,7 @@ ECPGCursorStmt:  DECLARE name opt_cursor CURSOR FOR ident
                                 if (strcmp($2, ptr->name) == 0)
                                 {
                                                 /* re-definition is a bug */
-                                       sprintf(errortext, "cursor %s already defined", $2);
+                                       snprintf(errortext, sizeof(errortext), "cursor %s already defined", $2);
                                         mmerror(PARSE_ERROR, ET_ERROR, errortext);
                                 }
                         }
@@ -3923,7 +3923,7 @@ type_declaration: S_TYPEDEF
                                 if (strcmp($5, ptr->name) == 0)
                                 {
                                         /* re-definition is a bug */
-                                       sprintf(errortext, "Type %s already defined", $5);
+                                       snprintf(errortext, sizeof(errortext), "Type %s already defined", $5);
                                         mmerror(PARSE_ERROR, ET_ERROR, errortext);
                                 }
                         }
@@ -4528,7 +4528,7 @@ ECPGTypedef: TYPE_P
                                         if (strcmp($3, ptr->name) == 0)
                                         {
                                                 /* re-definition is a bug */
-                                               sprintf(errortext, "Type %s already defined", $3);
+                                               snprintf(errortext, sizeof(errortext), "Type %s already defined", $3);
                                                 mmerror(PARSE_ERROR, ET_ERROR, errortext);
                                         }
                                 }
diff --git a/src/interfaces/ecpg/preproc/variable.c b/src/interfaces/ecpg/preproc/variable.c

index cee7ab3cf50fd39636545b69da72bfc632112d56..fd8b7c979433a5dd20d263f4a546fca6f0a9ac76 100644 (file)
--- a/src/interfaces/ecpg/preproc/variable.c
+++ b/src/interfaces/ecpg/preproc/variable.c
@@ -80,13 +80,13 @@ find_struct(char *name, char *next)
         {
                 if (p->type->type != ECPGt_array)
                 {
-                       sprintf(errortext, "variable %s is not a pointer", name);
+                       snprintf(errortext, sizeof(errortext), "variable %s is not a pointer", name);
                         mmerror(PARSE_ERROR, ET_FATAL, errortext);
                 }
  
                 if (p->type->u.element->type != ECPGt_struct && p->type->u.element->type != ECPGt_union)
                 {
-                       sprintf(errortext, "variable %s is not a pointer to a structure or a union", name);
+                       snprintf(errortext, sizeof(errortext), "variable %s is not a pointer to a structure or a union", name);
                         mmerror(PARSE_ERROR, ET_FATAL, errortext);
                 }
  
@@ -100,7 +100,7 @@ find_struct(char *name, char *next)
         {
                 if (p->type->type != ECPGt_struct && p->type->type != ECPGt_union)
                 {
-                       sprintf(errortext, "variable %s is neither a structure nor a union", name);
+                       snprintf(errortext, sizeof(errortext), "variable %s is neither a structure nor a union", name);
                         mmerror(PARSE_ERROR, ET_FATAL, errortext);
                 }
  
@@ -142,7 +142,7 @@ find_variable(char *name)
  
         if (p == NULL)
         {
-               sprintf(errortext, "The variable %s is not declared", name);
+               snprintf(errortext, sizeof(errortext), "The variable %s is not declared", name);
                 mmerror(PARSE_ERROR, ET_FATAL, errortext);
         }
  
@@ -290,7 +290,7 @@ get_typedef(char *name)
         for (this = types; this && strcmp(this->name, name); this = this->next);
         if (!this)
         {
-               sprintf(errortext, "invalid datatype '%s'", name);
+               snprintf(errortext, sizeof(errortext), "invalid datatype '%s'", name);
                 mmerror(PARSE_ERROR, ET_FATAL, errortext);
         }
  
@@ -320,7 +320,7 @@ adjust_array(enum ECPGttype type_enum, int *dimension, int *length, int type_dim
         }
         
         if (pointer_len>2)
-       {       sprintf(errortext, "No multilevel (more than 2) pointer supported %d",pointer_len);
+       {       snprintf(errortext, sizeof(errortext), "No multilevel (more than 2) pointer supported %d",pointer_len);
             mmerror(PARSE_ERROR, ET_FATAL, errortext);
  /*             mmerror(PARSE_ERROR, ET_FATAL, "No multilevel (more than 2) pointer supported %d",pointer_len);*/
         }
diff --git a/src/interfaces/libpgtcl/pgtclCmds.c b/src/interfaces/libpgtcl/pgtclCmds.c

index 0cb46686dc105af349a7f1f0fef3ee3a44a08596..901bcbfd32935156bf4fbed902eb37c1d0124d2d 100644 (file)
--- a/src/interfaces/libpgtcl/pgtclCmds.c
+++ b/src/interfaces/libpgtcl/pgtclCmds.c
@@ -8,7 +8,7 @@
   *
   *
   * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/interfaces/libpgtcl/Attic/pgtclCmds.c,v 1.64 2002/08/18 01:39:43 momjian Exp $
+ *       $Header: /cvsroot/pgsql/src/interfaces/libpgtcl/Attic/pgtclCmds.c,v 1.65 2002/09/02 06:11:43 momjian Exp $
   *
   *-------------------------------------------------------------------------
   */
@@ -1579,7 +1579,8 @@ Pg_lo_import(ClientData cData, Tcl_Interp *interp, int argc, char *argv[])
         lobjId = lo_import(conn, filename);
         if (lobjId == InvalidOid)
         {
-               sprintf(interp->result, "Pg_lo_import of '%s' failed", filename);
+               /* What is the maximum size of this? FIXME if this is not a good quess */
+               snprintf(interp->result, 128, "Pg_lo_import of '%s' failed", filename);
                 return TCL_ERROR;
         }
         sprintf(interp->result, "%u", lobjId);
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c

index 317cf772a7583436fda73b911239ae3ff1f10eb1..dbca53c585010a52f9370f3b92fdf2e427bfdf2f 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
   * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
   *
   * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.69 2002/08/29 03:22:01 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.70 2002/09/02 06:11:43 momjian Exp $
   *
   *-------------------------------------------------------------------------
   */
@@ -142,7 +142,7 @@ pg_krb4_init()
         {
                 char            tktbuf[MAXPGPATH];
  
-               (void) sprintf(tktbuf, "%s@%s", tkt_string(), realm);
+               (void) snprintf(tktbuf, sizeof(tktbuf), "%s@%s", tkt_string(), realm);
                 krb_set_tkt_string(tktbuf);
         }
  }
@@ -618,13 +618,13 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
                 case AUTH_REQ_PASSWORD:
                         if (password == NULL || *password == '\0')
                         {
-                               (void) sprintf(PQerrormsg,
+                               (void) snprintf(PQerrormsg, PQERRORMSG_LENGTH,
                                                            "fe_sendauth: no password supplied\n");
                                 return STATUS_ERROR;
                         }
                         if (pg_password_sendauth(conn, password, areq) != STATUS_OK)
                         {
-                               (void) sprintf(PQerrormsg,
+                               (void) snprintf(PQerrormsg, PQERRORMSG_LENGTH,
                                  "fe_sendauth: error sending password authentication\n");
                                 return STATUS_ERROR;
                         }
author	Bruce Momjian <bruce@momjian.us>
	Mon, 2 Sep 2002 06:11:43 +0000 (06:11 +0000)
committer	Bruce Momjian <bruce@momjian.us>
	Mon, 2 Sep 2002 06:11:43 +0000 (06:11 +0000)
contrib/cube/cubeparse.y		patch \| blob \| history
contrib/intarray/_int.c		patch \| blob \| history
contrib/seg/segparse.y		patch \| blob \| history
contrib/spi/refint.c		patch \| blob \| history
contrib/spi/timetravel.c		patch \| blob \| history
doc/src/sgml/spi.sgml		patch \| blob \| history
src/backend/parser/analyze.c		patch \| blob \| history
src/backend/storage/file/fd.c		patch \| blob \| history
src/backend/utils/adt/ri_triggers.c		patch \| blob \| history
src/bin/pg_dump/pg_dump.c		patch \| blob \| history
src/bin/psql/command.c		patch \| blob \| history
src/interfaces/ecpg/preproc/pgc.l		patch \| blob \| history
src/interfaces/ecpg/preproc/preproc.y		patch \| blob \| history
src/interfaces/ecpg/preproc/variable.c		patch \| blob \| history
src/interfaces/libpgtcl/pgtclCmds.c		patch \| blob \| history
src/interfaces/libpq/fe-auth.c		patch \| blob \| history