[postgis-tickets] [SCM] PostGIS branch stable-3.2 updated. 3.2.2-3-gd7d8b5526

git at osgeo.org git at osgeo.org
Mon Jul 25 14:07:29 PDT 2022 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PostGIS".

The branch, stable-3.2 has been updated
       via  d7d8b5526500055c50c27bcd4d3e21cbf616e531 (commit)
      from  919b92c0503cd9bd1797fe31366bfc8e09a5fbba (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d7d8b5526500055c50c27bcd4d3e21cbf616e531
Author: Paul Ramsey <pramsey at cleverelephant.ca>
Date:   Mon Jul 25 14:01:44 2022 -0700

    Move to using snprintf for fixed length buffers.

diff --git a/extras/WFS_locks/WFS_locks.c b/extras/WFS_locks/WFS_locks.c
index 31c79bf63..6655ac191 100644
--- a/extras/WFS_locks/WFS_locks.c
+++ b/extras/WFS_locks/WFS_locks.c
@@ -33,8 +33,7 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 	char *lockcode;
 	char *authtable = "authorization_table";
 	const char *op;
-#define ERRMSGLEN 256
-	char errmsg[ERRMSGLEN];
+	char errmsg[256];
 
 
 	/* Make sure trigdata is pointing at what I expect */
@@ -86,7 +85,7 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 	elog(NOTICE,"check_authorization called");
 #endif
 
-	sprintf(query,"SELECT authid FROM \"%s\" WHERE expires >= now() AND toid = '%d' AND rid = '%s'", authtable, trigdata->tg_relation->rd_id, pk_id);
+	snprintf(query, sizeof(query), "SELECT authid FROM \"%s\" WHERE expires >= now() AND toid = '%d' AND rid = '%s'", authtable, trigdata->tg_relation->rd_id, pk_id);
 
 #if PGIS_DEBUG > 1
 	elog(NOTICE,"about to execute :%s", query);
@@ -120,7 +119,7 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 	 * check to see if temp_lock_have_table table exists
 	 * (it might not exist if they own no locks)
 	 */
-	sprintf(query,"SELECT * FROM pg_class WHERE relname = 'temp_lock_have_table'");
+	snprintf(query, sizeof(query), "SELECT * FROM pg_class WHERE relname = 'temp_lock_have_table'");
 	SPIcode = SPI_exec(query,0);
 	if (SPIcode != SPI_OK_SELECT )
 		elog(ERROR,"couldnt execute to test for lockkey temp table :%s",query);
@@ -129,7 +128,7 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 		goto fail;
 	}
 
-	sprintf(query, "SELECT * FROM temp_lock_have_table WHERE xideq( transid, getTransactionID() ) AND lockcode ='%s'", lockcode);
+	snprintf(query, sizeof(query), "SELECT * FROM temp_lock_have_table WHERE xideq( transid, getTransactionID() ) AND lockcode ='%s'", lockcode);
 
 #if PGIS_DEBUG
 	elog(NOTICE,"about to execute :%s", query);
@@ -150,7 +149,7 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 
 fail:
 
-	snprintf(errmsg, ERRMSGLEN, "%s where \"%s\" = '%s' requires authorization '%s'",
+	snprintf(errmsg, sizeof(errmsg), "%s where \"%s\" = '%s' requires authorization '%s'",
 	         op, colname, pk_id, lockcode);
 	errmsg[ERRMSGLEN-1] = '\0';
 
diff --git a/postgis/long_xact.c b/postgis/long_xact.c
index 91b2344ba..68e64796d 100644
--- a/postgis/long_xact.c
+++ b/postgis/long_xact.c
@@ -61,8 +61,7 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 	char *lockcode;
 	char *authtable = "authorization_table";
 	const char *op;
-#define ERRMSGLEN 256
-	char err_msg[ERRMSGLEN];
+	char err_msg[256];
 
 
 	/* Make sure trigdata is pointing at what I expect */
@@ -112,7 +111,7 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 
 	POSTGIS_DEBUG(3, "check_authorization called");
 
-	sprintf(query,"SELECT authid FROM \"%s\" WHERE expires >= now() AND toid = '%d' AND rid = '%s'", authtable, trigdata->tg_relation->rd_id, pk_id);
+	snprintf(query, sizeof(query), "SELECT authid FROM \"%s\" WHERE expires >= now() AND toid = '%d' AND rid = '%s'", authtable, trigdata->tg_relation->rd_id, pk_id);
 
 	POSTGIS_DEBUGF(3 ,"about to execute :%s", query);
 
@@ -141,7 +140,7 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 	 * check to see if temp_lock_have_table table exists
 	 * (it might not exist if they own no locks)
 	 */
-	sprintf(query,"SELECT * FROM pg_class WHERE relname = 'temp_lock_have_table'");
+	snprintf(query, sizeof(query), "SELECT * FROM pg_class WHERE relname = 'temp_lock_have_table'");
 	SPIcode = SPI_exec(query,0);
 	if (SPIcode != SPI_OK_SELECT )
 		elog(ERROR,"couldnt execute to test for lockkey temp table :%s",query);
@@ -150,7 +149,7 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 		goto fail;
 	}
 
-	sprintf(query, "SELECT * FROM temp_lock_have_table WHERE xideq( transid, getTransactionID() ) AND lockcode ='%s'", lockcode);
+	snprintf(query, sizeof(query), "SELECT * FROM temp_lock_have_table WHERE xideq( transid, getTransactionID() ) AND lockcode ='%s'", lockcode);
 
 	POSTGIS_DEBUGF(3, "about to execute :%s", query);
 
@@ -168,9 +167,9 @@ Datum check_authorization(PG_FUNCTION_ARGS)
 
 fail:
 
-	snprintf(err_msg, ERRMSGLEN, "%s where \"%s\" = '%s' requires authorization '%s'",
+	snprintf(err_msg, sizeof(err_msg), "%s where \"%s\" = '%s' requires authorization '%s'",
 	         op, colname, pk_id, lockcode);
-	err_msg[ERRMSGLEN-1] = '\0';
+	err_msg[sizeof(err_msg)-1] = '\0';
 
 #ifdef ABORT_ON_AUTH_FAILURE
 	elog(ERROR, "%s", err_msg);

-----------------------------------------------------------------------

Summary of changes:
 extras/WFS_locks/WFS_locks.c | 11 +++++------
 postgis/long_xact.c          | 13 ++++++-------
 2 files changed, 11 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
PostGIS

More information about the postgis-tickets mailing list