The following bug has been logged online:
Bug reference: 2672
Logged by: ragetron99
Email address: ragetron99@gmail.com
PostgreSQL version: 8.1.4
Operating system: irrelevant
Description: stored procedure argument and return type length validation
Details:
PgSQL doesn't seem to perform length validation for variable-length types
used as arguments or return values in a stored procedure. The oidvector in
pg_proc used as the function signature seems to be the only type-related
specification that exists. Why are stored procedures (and whatever
functionality invokes them) expected to manually validate inputs in this
manner instead of having it automatically enforced?
$ create or replace function hello_tom_lane(varchar(3)) returns varchar(3)
as 'select $1;' language sql;
CREATE FUNCTION
$ select hello_tom_lane('hello tom lane why is this not limited to three characters?');
hello_tom_lane
-------------------------------------------------------------
hello tom lane why is this not limited to three characters?
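
The behaviour reported above, with two ways to enforce the limit, as an added example that is not part of the original report: CREATE FUNCTION discards parenthesized type modifiers on argument and return types, so the length check has to come from a domain or from the function body. The names short_code, greet_domain and greet_checked are hypothetical, and the statements assume a current PostgreSQL release.

```sql
-- Added example, not from the original report. All object names are hypothetical.

-- Option 1: a domain. The CHECK constraint belongs to the type itself, so it
-- is applied whenever a value is coerced to the domain, including when it is
-- passed as a function argument. Unlike varchar(3), nothing is dropped from
-- the signature, because the limit is not a type modifier.
CREATE DOMAIN short_code AS varchar
    CHECK (char_length(VALUE) <= 3);

CREATE FUNCTION greet_domain(short_code) RETURNS varchar
    AS 'SELECT $1::varchar;'
    LANGUAGE sql;

-- Within the limit.
SELECT greet_domain('tom');
-- Over the limit: exercises the domain CHECK during argument coercion.
SELECT greet_domain('hello tom lane');

-- Option 2: validate explicitly inside the function body and raise an error.
CREATE FUNCTION greet_checked(p_name varchar) RETURNS varchar AS $$
BEGIN
    IF char_length(p_name) > 3 THEN
        RAISE EXCEPTION 'argument too long: % characters, limit is 3',
            char_length(p_name);
    END IF;
    RETURN p_name;
END;
$$ LANGUAGE plpgsql;

-- Within the limit.
SELECT greet_checked('tom');
-- Over the limit: exercises the RAISE EXCEPTION branch.
SELECT greet_checked('hello tom lane');

-- Caveat: an explicit cast is not validation. Casting to varchar(n) silently
-- truncates over-length input instead of rejecting it, so a body written as
-- 'SELECT $1::varchar(3);' hides bad input rather than reporting it.
SELECT 'hello tom lane'::varchar(3);
```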