Re: contrib/ buffer paranoia

Alvaro Herrera <alvherre@atentus.com> writes:
> I think in dbase/dbf2pg.c the limit of 10 to pgdate should be 11
> (snprintf counts the \0 at the end).

Yes, but so does the array declaration itself: a char[10] can hold at
most 9 characters plus the '\0' terminator. I think the original code
is buggy: if the author wants to store 10 characters plus a terminator
in the array, it should be declared as a char[11]. Using snprintf() of
length 11 with a char[10] would allow for a one-character overrun.

(Or did I not drink enough coffee this morning? :-) )

Cheers,

Neil

--
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC