Replace static buf with a stack-allocated one in 'seg' extension

hlinnaka · hlinnaka · commit 01e51ed78070 · 2024-07-30T22:06:03.000+03:00
The buffer is used only locally within the function. Also, the initialization to '0' characters was unnecessary, the initial content were always overwritten with sprintf(). I don't understand why it was done that way, but it's been like that since forever. In the passing, change from sprintf() to snprintf(). The buffer was long enough so sprintf() was fine, but this makes it more obvious that there's no risk of a buffer overflow. Reviewed-by: Robert Haas Discussion: https://www.postgresql.org/message-id/7f86e06a-98c5-4ce3-8ec9-3885c8de0358@iki.fi
diff --git a/contrib/seg/segparse.y b/contrib/seg/segparse.y
@@ -29,14 +29,6 @@ static bool seg_atof(char *value, float *result, struct Node *escontext);
 
 static int sig_digits(const char *value);
 
-static char strbuf[25] = {
-	'0', '0', '0', '0', '0',
-	'0', '0', '0', '0', '0',
-	'0', '0', '0', '0', '0',
-	'0', '0', '0', '0', '0',
-	'0', '0', '0', '0', '\0'
-};
-
 %}
 
 /* BISON Declarations */
@@ -69,11 +61,13 @@ static char strbuf[25] = {
 
 range: boundary PLUMIN deviation
 	{
+		char		strbuf[25];
+
 		result->lower = $1.val - $3.val;
 		result->upper = $1.val + $3.val;
-		sprintf(strbuf, "%g", result->lower);
+		snprintf(strbuf, sizeof(strbuf), "%g", result->lower);
 		result->l_sigd = Max(sig_digits(strbuf), Max($1.sigd, $3.sigd));
-		sprintf(strbuf, "%g", result->upper);
+		snprintf(strbuf, sizeof(strbuf), "%g", result->upper);
 		result->u_sigd = Max(sig_digits(strbuf), Max($1.sigd, $3.sigd));
 		result->l_ext = '\0';
 		result->u_ext = '\0';
