Re: contrib/ buffer paranoia

Alvaro Herrera <alvherre@atentus.com> writes:
> Neil Conway dijo:
> > Alvaro Herrera <alvherre@atentus.com> writes:
> > > I think in dbase/dbf2pg.c the limit of 10 to pgdate should be 11
> > > (snprintf counts the \0 at the end).
> >
> > Yes, but so does the array declaration itself: a char[10] can hold at
> > most 9 characters plus the '\0' terminator. I think the original code
> > is buggy: if the author wants to store 10 characters plus a terminator
> > in the array, it should be declared as a char[11]. Using snprintf() of
> > length 11 with a char[10] would allow for a one-character overrun.
>
> I agree.  Maybe it worked out of pure luck (or some alignment magic).
> But while you're at it, you can as well correct the bug.

Ok, a revised patch is attached that fixes the off-by-one bug in
dbase/dbf2pg.c

Thanks for the code review.

Cheers,

Neil

--
Neil Conway <neilconway@rogers.com>
PGP Key ID: DB3C29FC