From: Michael Meskes <meskes@postgresql.org>
Date: Thu, 22 Dec 2016 07:28:13 +0000 (+0100)
Subject: Fix buffer overflow on particularly named files and clarify documentation about
X-Git-Tag: REL9_2_20~39
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=501c9107487d33e234f4af8bf77f2aa64c05e6d3;p=postgresql

Fix buffer overflow on particularly named files and clarify documentation about
output file naming.

Patch by Tsunakawa, Takayuki <tsunakawa.takay@jp.fujitsu.com>
---

diff --git a/doc/src/sgml/ref/ecpg-ref.sgml b/doc/src/sgml/ref/ecpg-ref.sgml
index edd20dcdd5..226a9caa4d 100644
--- a/doc/src/sgml/ref/ecpg-ref.sgml
+++ b/doc/src/sgml/ref/ecpg-ref.sgml
@@ -42,11 +42,9 @@ PostgreSQL documentation
   <para>
    <command>ecpg</command> will convert each input file given on the
    command line to the corresponding C output file.  Input files
-   preferably have the extension <filename>.pgc</filename>, in which
-   case the extension will be replaced by <filename>.c</filename> to
-   determine the output file name.  If the extension of the input file
-   is not <filename>.pgc</filename>, then the output file name is
-   computed by appending <literal>.c</literal> to the full file name.
+   preferably have the extension <filename>.pgc</filename>.
+   The extension will be replaced by <filename>.c</filename> to
+   determine the output file name.
    The output file name can also be overridden using the
    <option>-o</option> option.
   </para>
diff --git a/src/interfaces/ecpg/preproc/ecpg.c b/src/interfaces/ecpg/preproc/ecpg.c
index d09dc48ef4..081d2ea345 100644
--- a/src/interfaces/ecpg/preproc/ecpg.c
+++ b/src/interfaces/ecpg/preproc/ecpg.c
@@ -309,7 +309,8 @@ main(int argc, char *const argv[])
 					base_yyout = stdout;
 				else
 				{
-					output_filename = strdup(input_filename);
+					output_filename = mm_alloc(strlen(input_filename) + 3);
+					strcpy(output_filename, input_filename);
 
 					ptr2ext = strrchr(output_filename, '.');
 					/* make extension = .c resp. .h */