From: Hiroshi Inoue Date: Mon, 5 Jun 2017 11:52:41 +0000 (+0900) Subject: Clean up the use of sprintf(). Replace sprintf() by snprintf() or the macro SPRINTF_F... X-Git-Tag: REL-09_06_0400~21 X-Git-Url: http://git.postgresql.org/gitweb/static/%7B%7Bpguslink%28?a=commitdiff_plain;h=9636287c7051a4f99b9f79e93f6e7882a635aaed;p=psqlodbc.git Clean up the use of sprintf(). Replace sprintf() by snprintf() or the macro SPRINTF_FIXED(). --- diff --git a/connection.c b/connection.c index 2445bb8..1df68d7 100644 --- a/connection.c +++ b/connection.c @@ -2574,17 +2574,17 @@ LIBPQ_connect(ConnectionClass *self) } if (self->login_timeout > 0) { - sprintf(login_timeout_str, "%u", (unsigned int) self->login_timeout); + SPRINTF_FIXED(login_timeout_str, "%u", (unsigned int) self->login_timeout); opts[cnt] = "connect_timeout"; vals[cnt++] = login_timeout_str; } if (self->connInfo.keepalive_idle > 0) { - sprintf(keepalive_idle_str, "%d", self->connInfo.keepalive_idle); + ITOA_FIXED(keepalive_idle_str, self->connInfo.keepalive_idle); opts[cnt] = "keepalives_idle"; vals[cnt++] = keepalive_idle_str; } if (self->connInfo.keepalive_interval > 0) { - sprintf(keepalive_interval_str, "%d", self->connInfo.keepalive_interval); + ITOA_FIXED(keepalive_interval_str, self->connInfo.keepalive_interval); opts[cnt] = "keepalives_interval"; vals[cnt++] = keepalive_interval_str; } if (conninfoOption != NULL) @@ -2664,7 +2664,7 @@ inolog("status=%d\n", pqret); pversion = PQserverVersion(pqconn); self->pg_version_major = pversion / 10000; self->pg_version_minor = (pversion % 10000) / 100; - sprintf(self->pg_version, "%d.%d.%d", self->pg_version_major, self->pg_version_minor, pversion % 100); + SPRINTF_FIXED(self->pg_version, "%d.%d.%d", self->pg_version_major, self->pg_version_minor, pversion % 100); mylog("Server version=%s\n", self->pg_version); 
@@ -2792,14 +2792,13 @@ make_lstring_ifneeded(ConnectionClass *conn, const SQLCHAR *s, ssize_t len, BOOL * This routine could be modified to use vsprintf() to handle multiple arguments. */ static char * -my_strcat(char *buf, const char *fmt, const char *s, ssize_t len) +my_strcat(char *buf, int buflen, const char *fmt, const char *s, ssize_t len) { - if (s && (len > 0 || (len == SQL_NTS && strlen(s) > 0))) + if (s && (len > 0 || (len == SQL_NTS && *s != 0))) { - size_t length = (len > 0) ? len : strlen(s); - size_t pos = strlen(buf); + size_t length = (len > 0) ? len : strlen(s); - sprintf(&buf[pos], fmt, length, s); + snprintf_add(buf, buflen, fmt, length, s); return buf; } return NULL; @@ -2810,24 +2809,23 @@ my_strcat(char *buf, const char *fmt, const char *s, ssize_t len) * It can have 1 more parameter than my_strcat. */ static char * -my_strcat1(char *buf, const char *fmt, const char *s1, const char *s) +my_strcat1(char *buf, int buflen, const char *fmt, const char *s1, const char *s) { if (s && s[0] != '\0') { - size_t pos = strlen(buf); ssize_t length = strlen(s); if (s1) - sprintf(&buf[pos], fmt, s1, length, s); + snprintf_add(buf, buflen, fmt, s1, length, s); else - sprintf(&buf[pos], fmt, length, s); + snprintf_add(buf, buflen, fmt, length, s); return buf; } return NULL; } char * -schema_strcat(char *buf, const char *fmt, const SQLCHAR *s, SQLLEN len, const SQLCHAR *tbname, SQLLEN tbnmlen, ConnectionClass *conn) +schema_strcat(char *buf, int buflen, const char *fmt, const SQLCHAR *s, SQLLEN len, const SQLCHAR *tbname, SQLLEN tbnmlen, ConnectionClass *conn) { if (!s || 0 == len) { 
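Review bot: In my_strcat, `length` is a `size_t` but is passed to `snprintf_add` as the precision of a `%.*s` conversion (the info.c callers pass formats such as `"%.*s"`), and that argument must be an `int`. Where `size_t` is wider than `int`, this is a type mismatch in a variadic call that the move from sprintf does not fix. I would reject `length > INT_MAX` and then call `snprintf_add(buf, buflen, fmt, (int) length, s);`. my_strcat1 in the next hunk passes its `ssize_t length` the same way.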
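Review bot: my_strcat1 returns `buf` whether or not `snprintf_add` could fit the whole fragment into `buflen`, so a caller cannot tell a complete predicate from a cut one; my_strcat in the previous hunk behaves the same way. The info.c callers append SQL text such as `" and nspname %s'%.*s'"`, where a cut fragment leaves an unterminated literal and later appends silently add nothing, which changes what the catalog query filters on. If snprintf_add reports truncation (its definition is not in this diff), the result should be checked here and propagated so the catalog function can fail instead of sending a shortened query. schema_strcat's body continues outside this hunk.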
@@ -2837,22 +2835,22 @@ schema_strcat(char *buf, const char *fmt, const SQLCHAR *s, SQLLEN len, const SQ * naming. */ if (tbname && (tbnmlen > 0 || tbnmlen == SQL_NTS)) - return my_strcat(buf, fmt, CC_get_current_schema(conn), SQL_NTS); + return my_strcat(buf, buflen, fmt, CC_get_current_schema(conn), SQL_NTS); return NULL; } - return my_strcat(buf, fmt, (char *) s, len); + return my_strcat(buf, buflen, fmt, (char *) s, len); } char * -schema_strcat1(char *buf, const char *fmt, const char *s1, const char *s, const SQLCHAR *tbname, int tbnmlen, ConnectionClass *conn) +schema_strcat1(char *buf, int buflen, const char *fmt, const char *s1, const char *s, const SQLCHAR *tbname, int tbnmlen, ConnectionClass *conn) { if (!s || s[0] == '\0') { if (tbname && (tbnmlen > 0 || tbnmlen == SQL_NTS)) - return my_strcat1(buf, fmt, s1, CC_get_current_schema(conn)); + return my_strcat1(buf, buflen, fmt, s1, CC_get_current_schema(conn)); return NULL; } - return my_strcat1(buf, fmt, s1, s); + return my_strcat1(buf, buflen, fmt, s1, s); } #ifdef _HANDLE_ENLIST_IN_DTC_ @@ -2922,10 +2920,10 @@ DLL_DECLARE void PgDtc_create_connect_string(void *self, char *connstr, int strs { case DTC_CHECK_LINK_ONLY: case DTC_CHECK_BEFORE_LINK: - sprintf(xaOptStr, KEYWORD_DTC_CHECK "=0;"); + SPRINTF_FIXED(xaOptStr, KEYWORD_DTC_CHECK "=0;"); break; case DTC_CHECK_RM_CONNECTION: - sprintf(xaOptStr, KEYWORD_DTC_CHECK "=1;"); + SPRINTF_FIXED(xaOptStr, KEYWORD_DTC_CHECK "=1;"); break; default: *xaOptStr = '\0'; diff --git a/connection.h b/connection.h index 596c09e..339907f 100644 --- a/connection.h +++ b/connection.h 
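Review bot: In the first hunk, the fallback branches of schema_strcat and schema_strcat1 format `CC_get_current_schema(conn)` through the same `fmt` as the caller's value. The info.c callers use formats that place it inside a single-quoted literal (`" and nspname %s'%.*s'"`), after escaping only their own name with simpleCatalogEscape. Unless CC_get_current_schema already returns escaped text, which this diff does not show, a schema name containing a quote or backslash would alter the catalog query on this path. I would escape the fallback value before formatting it, or add a comment on both functions such as `/* fallback value is the raw current schema; fmt must not place it in a quoted literal */`.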
@@ -422,9 +422,9 @@ const char *CurrCatString(const ConnectionClass *self); SQLUINTEGER CC_get_isolation(ConnectionClass *self); SQLCHAR *make_lstring_ifneeded(ConnectionClass *, const SQLCHAR *s, ssize_t len, BOOL); -char *schema_strcat(char *buf, const char *fmt, const SQLCHAR *s, SQLLEN len, +char *schema_strcat(char *buf, int buflen, const char *fmt, const SQLCHAR *s, SQLLEN len, const SQLCHAR *, SQLLEN, ConnectionClass *conn); -char *schema_strcat1(char *buf, const char *fmt, const char *s1, +char *schema_strcat1(char *buf, int buflen, const char *fmt, const char *s1, const char *s, const SQLCHAR *, int, ConnectionClass *conn); diff --git a/convert.c b/convert.c index 6249ae0..4d29f2a 100644 --- a/convert.c +++ b/convert.c @@ -2704,7 +2704,7 @@ inolog("prepareParametersNoDesc\n"); retval = SQL_ERROR; #define return DONT_CALL_RETURN_FROM_HERE??? if (NAMED_PARSE_REQUEST == SC_get_prepare_method(stmt)) - sprintf(plan_name, "_PLAN%p", stmt); + SPRINTF_FIXED(plan_name, "_PLAN%p", stmt); else plan_name[0] = '\0'; @@ -2926,7 +2926,7 @@ inolog("type=%d concur=%d\n", stmt->options.cursor_type, stmt->options.scroll_co { char curname[32]; - sprintf(curname, "SQL_CUR%p", stmt); + SPRINTF_FIXED(curname, "SQL_CUR%p", stmt); STRX_TO_NAME(stmt->cursor_name, curname); } if (stmt->stmt_with_params) @@ -2955,7 +2955,7 @@ inolog("type=%d concur=%d\n", stmt->options.cursor_type, stmt->options.scroll_co /* Nothing to do here. It will be prepared before execution. */ char plan_name[32]; if (NAMED_PARSE_REQUEST == SC_get_prepare_method(stmt)) - sprintf(plan_name, "_PLAN%p", stmt); + SPRINTF_FIXED(plan_name, "_PLAN%p", stmt); else plan_name[0] = '\0'; 
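Review bot: In the connection.h hunk, the new `buflen` parameter of schema_strcat and schema_strcat1 is declared `int`, while every caller visible in info.c passes `sizeof(...)`, so each call narrows a `size_t` to a signed type. Declaring it `size_t buflen` here and in connection.c would match what the callers pass and rule out a negative size reaching the formatting call. The prototypes also carry no contract comment; `/* buf must already hold a NUL-terminated string; buflen is its total size in bytes */` would state what the append relies on.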
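Review bot: In the convert.c hunk at -2704, `stmt` is passed for `%p` in `SPRINTF_FIXED(plan_name, "_PLAN%p", stmt);` without a cast, although `%p` is specified only for `void *`; write `(void *) stmt`. The text `%p` produces is implementation-defined, so the length and characters of the generated name differ between C libraries. That matters more now that the write into the 32-byte `plan_name` (declared in the -2955 hunk) is presumably bounded and would truncate rather than overflow. The `SQL_CUR%p` and second `_PLAN%p` calls in the next two hunks, and `_EXEC_SVP_%p` in execute.c, follow the same pattern.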
@@ -2994,8 +2994,9 @@ inolog("type=%d concur=%d\n", stmt->options.cursor_type, stmt->options.scroll_co } if (SC_is_fetchcursor(stmt)) { - sprintf(new_statement, "%sdeclare \"%s\"%s cursor%s for ", - new_statement, SC_cursor_name(stmt), opt_scroll, opt_hold); + snprintf_add(new_statement, qb->str_alsize, + "declare \"%s\"%s cursor%s for ", + SC_cursor_name(stmt), opt_scroll, opt_hold); qb->npos = strlen(new_statement); qp->flags |= FLGP_USING_CURSOR; qp->declare_pos = qb->npos; @@ -4146,9 +4147,9 @@ inolog("ipara=%p paramType=%d %d proc_return=%d\n", ipara, ipara ? ipara->paramT SQL_PARAM_OUTPUT != ipara->paramType && (qb->flags & FLGB_PARAM_CAST) != 0 && !parameter_is_with_cast(qp)) - sprintf(pnum, "$%d%s", qb->dollar_number, sqltype_to_pgcast(conn, ipara->SQLType)); + SPRINTF_FIXED(pnum, "$%d%s", qb->dollar_number, sqltype_to_pgcast(conn, ipara->SQLType)); else - sprintf(pnum, "$%d", qb->dollar_number); + SPRINTF_FIXED(pnum, "$%d", qb->dollar_number); CVT_APPEND_STR(qb, pnum); return SQL_SUCCESS; } @@ -4342,7 +4343,7 @@ mylog(" %s:C_WCHAR=%d contents=%s(%d)\n", __FUNCTION__, param_ctype, buffer, use if (_finite(dbv)) #endif /* WIN32 */ { - sprintf(param_string, "%.*g", PG_DOUBLE_DIGITS, dbv); + SPRINTF_FIXED(param_string, "%.*g", PG_DOUBLE_DIGITS, dbv); set_server_decimal_point(param_string, SQL_NTS); } #ifdef WIN32 @@ -4361,7 +4362,7 @@ mylog(" %s:C_WCHAR=%d contents=%s(%d)\n", __FUNCTION__, param_ctype, buffer, use if (_finite(flv)) #endif /* WIN32 */ { - sprintf(param_string, "%.*g", PG_REAL_DIGITS, flv); + SPRINTF_FIXED(param_string, "%.*g", PG_REAL_DIGITS, flv); set_server_decimal_point(param_string, SQL_NTS); } #ifdef WIN32 
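Review bot: In the -2994 hunk, `SC_cursor_name(stmt)` is written between double quotes in `"declare \"%s\"%s cursor%s for "` without doubling any `"` it contains, so a name with an embedded quote would end the identifier early and the remainder would be parsed as SQL. Whether an application-chosen cursor name can reach this point is not visible in the hunk; if it can, the name should go through a helper that doubles `"`, or be rejected when it is set. Separately, the result of `snprintf_add` is not checked before `qb->npos = strlen(new_statement);`, so a truncated DECLARE prefix would go unnoticed. The enclosing function starts and ends outside the hunk.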
@@ -4376,47 +4377,45 @@ mylog(" %s:C_WCHAR=%d contents=%s(%d)\n", __FUNCTION__, param_ctype, buffer, use case SQL_C_SLONG: case SQL_C_LONG: - sprintf(param_string, FORMAT_INTEGER, + SPRINTF_FIXED(param_string, FORMAT_INTEGER, *((SQLINTEGER *) buffer)); break; #ifdef ODBCINT64 case SQL_C_SBIGINT: case SQL_BIGINT: /* Is this needed ? */ - sprintf(param_string, FORMATI64, + SPRINTF_FIXED(param_string, FORMATI64, *((SQLBIGINT *) buffer)); break; case SQL_C_UBIGINT: - sprintf(param_string, FORMATI64U, + SPRINTF_FIXED(param_string, FORMATI64U, *((SQLUBIGINT *) buffer)); break; #endif /* ODBCINT64 */ case SQL_C_SSHORT: case SQL_C_SHORT: - sprintf(param_string, "%d", - *((SQLSMALLINT *) buffer)); + ITOA_FIXED(param_string, *((SQLSMALLINT *) buffer)); break; case SQL_C_STINYINT: case SQL_C_TINYINT: - sprintf(param_string, "%d", - *((SCHAR *) buffer)); + ITOA_FIXED(param_string, *((SCHAR *) buffer)); break; case SQL_C_ULONG: - sprintf(param_string, FORMAT_UINTEGER, + SPRINTF_FIXED(param_string, FORMAT_UINTEGER, *((SQLUINTEGER *) buffer)); break; case SQL_C_USHORT: - sprintf(param_string, "%u", + SPRINTF_FIXED(param_string, "%u", *((SQLUSMALLINT *) buffer)); break; case SQL_C_UTINYINT: - sprintf(param_string, "%u", + SPRINTF_FIXED(param_string, "%u", *((UCHAR *) buffer)); break; @@ -4424,7 +4423,7 @@ mylog(" %s:C_WCHAR=%d contents=%s(%d)\n", __FUNCTION__, param_ctype, buffer, use { int i = *((UCHAR *) buffer); - sprintf(param_string, "%d", i ? 1 : 0); + ITOA_FIXED(param_string, i ? 1 : 0); break; } 
@@ -4484,27 +4483,27 @@ mylog(" %s:C_WCHAR=%d contents=%s(%d)\n", __FUNCTION__, param_ctype, buffer, use } case SQL_C_INTERVAL_YEAR: ivsign = ivstruct->interval_sign ? "-" : ""; - sprintf(param_string, "%s%u years", ivsign, (unsigned int) ivstruct->intval.year_month.year); + SPRINTF_FIXED(param_string, "%s%u years", ivsign, (unsigned int) ivstruct->intval.year_month.year); break; case SQL_C_INTERVAL_MONTH: case SQL_C_INTERVAL_YEAR_TO_MONTH: ivsign = ivstruct->interval_sign ? "-" : ""; - sprintf(param_string, "%s%u years %s%u mons", ivsign, (unsigned int) ivstruct->intval.year_month.year, ivsign, (unsigned int) ivstruct->intval.year_month.month); + SPRINTF_FIXED(param_string, "%s%u years %s%u mons", ivsign, (unsigned int) ivstruct->intval.year_month.year, ivsign, (unsigned int) ivstruct->intval.year_month.month); break; case SQL_C_INTERVAL_DAY: ivsign = ivstruct->interval_sign ? "-" : ""; - sprintf(param_string, "%s%u days", ivsign, (unsigned int) ivstruct->intval.day_second.day); + SPRINTF_FIXED(param_string, "%s%u days", ivsign, (unsigned int) ivstruct->intval.day_second.day); break; case SQL_C_INTERVAL_HOUR: case SQL_C_INTERVAL_DAY_TO_HOUR: ivsign = ivstruct->interval_sign ? "-" : ""; - sprintf(param_string, "%s%u days %s%02u:00:00", ivsign, (unsigned int) ivstruct->intval.day_second.day, ivsign, (unsigned int) ivstruct->intval.day_second.hour); + SPRINTF_FIXED(param_string, "%s%u days %s%02u:00:00", ivsign, (unsigned int) ivstruct->intval.day_second.day, ivsign, (unsigned int) ivstruct->intval.day_second.hour); break; case SQL_C_INTERVAL_MINUTE: case SQL_C_INTERVAL_HOUR_TO_MINUTE: case SQL_C_INTERVAL_DAY_TO_MINUTE: ivsign = ivstruct->interval_sign ? 
"-" : ""; - sprintf(param_string, "%s%u days %s%02u:%02u:00", ivsign, (unsigned int) ivstruct->intval.day_second.day, ivsign, (unsigned int) ivstruct->intval.day_second.hour, (unsigned int) ivstruct->intval.day_second.minute); + SPRINTF_FIXED(param_string, "%s%u days %s%02u:%02u:00", ivsign, (unsigned int) ivstruct->intval.day_second.day, ivsign, (unsigned int) ivstruct->intval.day_second.hour, (unsigned int) ivstruct->intval.day_second.minute); break; case SQL_C_INTERVAL_SECOND: @@ -4512,7 +4511,7 @@ mylog(" %s:C_WCHAR=%d contents=%s(%d)\n", __FUNCTION__, param_ctype, buffer, use case SQL_C_INTERVAL_HOUR_TO_SECOND: case SQL_C_INTERVAL_MINUTE_TO_SECOND: ivsign = ivstruct->interval_sign ? "-" : ""; - sprintf(param_string, "%s%u days %s%02u:%02u:%02u", + SPRINTF_FIXED(param_string, "%s%u days %s%02u:%02u:%02u", ivsign, (unsigned int) ivstruct->intval.day_second.day, ivsign, (unsigned int) ivstruct->intval.day_second.hour, (unsigned int) ivstruct->intval.day_second.minute, @@ -4526,7 +4525,7 @@ mylog(" %s:C_WCHAR=%d contents=%s(%d)\n", __FUNCTION__, param_ctype, buffer, use fraction /= 10; prec--; } - sprintf(¶m_string[strlen(param_string)], ".%0*d", prec, fraction); + snprintf_add(param_string, sizeof(param_string), ".%0*d", prec, fraction); } break; case SQL_C_GUID: @@ -4658,9 +4657,9 @@ mylog("cvt_null_date_string=%d pgtype=%d send_buf=%p\n", conn->connInfo.cvt_null } if (st.y < 0) - sprintf(tmp, "%.4d-%.2d-%.2d BC", -st.y, st.m, st.d); + SPRINTF_FIXED(tmp, "%.4d-%.2d-%.2d BC", -st.y, st.m, st.d); else - sprintf(tmp, "%.4d-%.2d-%.2d", st.y, st.m, st.d); + SPRINTF_FIXED(tmp, "%.4d-%.2d-%.2d", st.y, st.m, st.d); lastadd = "::date"; send_buf = tmp; used = SQL_NTS; 
@@ -4678,10 +4677,10 @@ mylog("cvt_null_date_string=%d pgtype=%d send_buf=%p\n", conn->connInfo.cvt_null { int wdt; int fr = effective_fraction(st.fr, &wdt); - sprintf(tmp, "%.2d:%.2d:%.2d.%0*d", st.hh, st.mm, st.ss, wdt, fr); + SPRINTF_FIXED(tmp, "%.2d:%.2d:%.2d.%0*d", st.hh, st.mm, st.ss, wdt, fr); } else - sprintf(tmp, "%.2d:%.2d:%.2d", st.hh, st.mm, st.ss); + SPRINTF_FIXED(tmp, "%.2d:%.2d:%.2d", st.hh, st.mm, st.ss); lastadd = "::time"; send_buf = tmp; used = SQL_NTS; @@ -4696,7 +4695,7 @@ mylog("cvt_null_date_string=%d pgtype=%d send_buf=%p\n", conn->connInfo.cvt_null } /* - * sprintf(tmp, "%.4d-%.2d-%.2d %.2d:%.2d:%.2d", st.y, + * SPRINTF_FIXED(tmp, "%.4d-%.2d-%.2d %.2d:%.2d:%.2d", st.y, * st.m, st.d, st.hh, st.mm, st.ss); */ /* Time zone stuff is unreliable */ @@ -4832,7 +4831,7 @@ mylog("cvt_null_date_string=%d pgtype=%d send_buf=%p\n", conn->connInfo.cvt_null * parameter marker -- the data has already been sent to * the large object */ - sprintf(param_string, "%u", lobj_oid); + SPRINTF_FIXED(param_string, "%u", lobj_oid); lastadd = "::lo"; send_buf = param_string; used = SQL_NTS; diff --git a/dlg_specific.c b/dlg_specific.c index 00a535a..89d68c9 100644 --- a/dlg_specific.c +++ b/dlg_specific.c @@ -192,7 +192,7 @@ abbrev_sslmode(const char *sslmode, char *abbrevmode, size_t abbrevsize) } static char * -makeKeepaliveConnectString(char *target, const ConnInfo *ci, BOOL abbrev) +makeKeepaliveConnectString(char *target, int buflen, const ConnInfo *ci, BOOL abbrev) { char *buf = target; *buf = '\0'; 
@@ -203,17 +203,16 @@ makeKeepaliveConnectString(char *target, const ConnInfo *ci, BOOL abbrev) if (ci->keepalive_idle >= 0) { if (abbrev) - sprintf(buf, ABBR_KEEPALIVETIME "=%u;", ci->keepalive_idle); + snprintf(buf, buflen, ABBR_KEEPALIVETIME "=%u;", ci->keepalive_idle); else - sprintf(buf, INI_KEEPALIVETIME "=%u;", ci->keepalive_idle); - buf = strchr(buf, (int) '\0'); + snprintf(buf, buflen, INI_KEEPALIVETIME "=%u;", ci->keepalive_idle); } if (ci->keepalive_interval >= 0) { if (abbrev) - sprintf(buf, ABBR_KEEPALIVEINTERVAL "=%u;", ci->keepalive_interval); + snprintf_add(buf, buflen, ABBR_KEEPALIVEINTERVAL "=%u;", ci->keepalive_interval); else - sprintf(buf, INI_KEEPALIVEINTERVAL "=%u;", ci->keepalive_interval); + snprintf_add(buf, buflen, INI_KEEPALIVEINTERVAL "=%u;", ci->keepalive_interval); } return target; } @@ -258,7 +257,7 @@ makeBracketConnectString(char **target, pgNAME item, const char *optname) #ifdef _HANDLE_ENLIST_IN_DTC_ char * -makeXaOptConnectString(char *target, const ConnInfo *ci, BOOL abbrev) +makeXaOptConnectString(char *target, int buflen, const ConnInfo *ci, BOOL abbrev) { char *buf = target; *buf = '\0'; @@ -269,10 +268,10 @@ makeXaOptConnectString(char *target, const ConnInfo *ci, BOOL abbrev) if (abbrev) { if (DEFAULT_XAOPT != ci->xa_opt) - sprintf(buf, ABBR_XAOPT "=%u;", ci->xa_opt); + snprintf(buf, buflen, ABBR_XAOPT "=%u;", ci->xa_opt); } else - sprintf(buf, INI_XAOPT "=%u;", ci->xa_opt); + snprintf(buf, buflen, INI_XAOPT "=%u;", ci->xa_opt); return target; } #endif /* _HANDLE_ENLIST_IN_DTC_ */ @@ -387,7 +386,7 @@ inolog("hlen=%d", hlen); ,ci->use_server_side_prepare ,ci->lower_case_identifier ,makeBracketConnectString(&pqoptStr, ci->pqopt, INI_PQOPT) - ,makeKeepaliveConnectString(keepaliveStr, ci, FALSE) + ,makeKeepaliveConnectString(keepaliveStr, sizeof(keepaliveStr), ci, FALSE) #ifdef WIN32 ,ci->gssauth_use_gssapi #endif /* WIN32 */ 
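Review bot: In makeKeepaliveConnectString, `ci->keepalive_idle` and `ci->keepalive_interval` are formatted with `%u`, although they are compared with `>= 0` here and written with ITOA_FIXED in writeDSNinfo, which suggests they are signed ints. The `>= 0` guards keep the printed value correct, but the specifier should match the type, e.g. `snprintf(buf, buflen, INI_KEEPALIVETIME "=%d;", ci->keepalive_idle);`. The `=%u;` formats for `ci->xa_opt` in the makeXaOptConnectString hunk deserve the same check. Since `buflen` is an `int` that is converted to `size_t` by snprintf, a one-line comment that it must be the positive size of `target` would also help.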
@@ -479,9 +478,9 @@ inolog("hlen=%d", hlen); ci->int8_as, ci->drivers.extra_systable_prefixes, makeBracketConnectString(&pqoptStr, ci->pqopt, ABBR_PQOPT), - makeKeepaliveConnectString(keepaliveStr, ci, TRUE), + makeKeepaliveConnectString(keepaliveStr, sizeof(keepaliveStr), ci, TRUE), #ifdef _HANDLE_ENLIST_IN_DTC_ - makeXaOptConnectString(xaOptStr, ci, TRUE), + makeXaOptConnectString(xaOptStr, sizeof(xaOptStr), ci, TRUE), #endif /* _HANDLE_ENLIST_IN_DTC_ */ EFFECTIVE_BIT_COUNT, flag); if (olen < nlen || ci->rollback_on_error >= 0) @@ -556,14 +555,14 @@ unfoldCXAttribute(ConnInfo *ci, const char *value) ci->drivers.debug = (char)((flag & BIT_DEBUG) != 0); ci->drivers.parse = (char)((flag & BIT_PARSE) != 0); ci->drivers.use_declarefetch = (char)((flag & BIT_USEDECLAREFETCH) != 0); - sprintf(ci->onlyread, "%d", (char)((flag & BIT_READONLY) != 0)); + ITOA_FIXED(ci->onlyread, (char)((flag & BIT_READONLY) != 0)); ci->drivers.text_as_longvarchar = (char)((flag & BIT_TEXTASLONGVARCHAR) !=0); ci->drivers.unknowns_as_longvarchar = (char)((flag & BIT_UNKNOWNSASLONGVARCHAR) !=0); ci->drivers.bools_as_char = (char)((flag & BIT_BOOLSASCHAR) != 0); - sprintf(ci->row_versioning, "%d", (char)((flag & BIT_ROWVERSIONING) != 0)); - sprintf(ci->show_system_tables, "%d", (char)((flag & BIT_SHOWSYSTEMTABLES) != 0)); - sprintf(ci->show_oid_column, "%d", (char)((flag & BIT_SHOWOIDCOLUMN) != 0)); - sprintf(ci->fake_oid_index, "%d", (char)((flag & BIT_FAKEOIDINDEX) != 0)); + ITOA_FIXED(ci->row_versioning, (char)((flag & BIT_ROWVERSIONING) != 0)); + ITOA_FIXED(ci->show_system_tables, (char)((flag & BIT_SHOWSYSTEMTABLES) != 0)); + ITOA_FIXED(ci->show_oid_column, (char)((flag & BIT_SHOWOIDCOLUMN) != 0)); + ITOA_FIXED(ci->fake_oid_index, (char)((flag & BIT_FAKEOIDINDEX) != 0)); ci->true_is_minus1 = (char)((flag & BIT_TRUEISMINUS1) != 0); ci->bytea_as_longvarbinary = (char)((flag & BIT_BYTEAASLONGVARBINARY) != 0); ci->use_server_side_prepare = (char)((flag & BIT_USESERVERSIDEPREPARE) != 0); 
@@ -789,11 +788,11 @@ getCiDefaults(ConnInfo *ci) ci->drivers.debug = DEFAULT_DEBUG; ci->drivers.commlog = DEFAULT_COMMLOG; - sprintf(ci->onlyread, "%d", DEFAULT_READONLY); - sprintf(ci->fake_oid_index, "%d", DEFAULT_FAKEOIDINDEX); - sprintf(ci->show_oid_column, "%d", DEFAULT_SHOWOIDCOLUMN); - sprintf(ci->show_system_tables, "%d", DEFAULT_SHOWSYSTEMTABLES); - sprintf(ci->row_versioning, "%d", DEFAULT_ROWVERSIONING); + ITOA_FIXED(ci->onlyread, DEFAULT_READONLY); + ITOA_FIXED(ci->fake_oid_index, DEFAULT_FAKEOIDINDEX); + ITOA_FIXED(ci->show_oid_column, DEFAULT_SHOWOIDCOLUMN); + ITOA_FIXED(ci->show_system_tables, DEFAULT_SHOWSYSTEMTABLES); + ITOA_FIXED(ci->row_versioning, DEFAULT_ROWVERSIONING); ci->allow_keyset = DEFAULT_UPDATABLECURSORS; ci->lf_conversion = DEFAULT_LFCONVERSION; ci->true_is_minus1 = DEFAULT_TRUEISMINUS1; @@ -879,7 +878,7 @@ getDSNinfo(ConnInfo *ci, const char *configDrvrname) { if (configDrvrname) drivername = configDrvrname; - STRCPY_FIXED(DSN, INI_DSN); + strncpy_null(DSN, INI_DSN, sizeof(ci->dsn)); } /* else dns-less connections */ } 
@@ -1096,51 +1095,51 @@ write_Ci_Drivers(const char *fileName, const char *sectionName, if (stricmp(ODBCINST_INI, fileName) == 0) return errc; - sprintf(tmp, "%d", comval->commlog); + ITOA_FIXED(tmp, comval->commlog); if (!SQLWritePrivateProfileString(sectionName, INI_COMMLOG, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->debug); + ITOA_FIXED(tmp, comval->debug); if (!SQLWritePrivateProfileString(sectionName, INI_DEBUG, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->fetch_max); + ITOA_FIXED(tmp, comval->fetch_max); if (!SQLWritePrivateProfileString(sectionName, INI_FETCH, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->unique_index); + ITOA_FIXED(tmp, comval->unique_index); if (!SQLWritePrivateProfileString(sectionName, INI_UNIQUEINDEX, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->use_declarefetch); + ITOA_FIXED(tmp, comval->use_declarefetch); if (!SQLWritePrivateProfileString(sectionName, INI_USEDECLAREFETCH, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->unknown_sizes); + ITOA_FIXED(tmp, comval->unknown_sizes); if (!SQLWritePrivateProfileString(sectionName, INI_UNKNOWNSIZES, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->text_as_longvarchar); + ITOA_FIXED(tmp, comval->text_as_longvarchar); if (!SQLWritePrivateProfileString(sectionName, INI_TEXTASLONGVARCHAR, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->unknowns_as_longvarchar); + ITOA_FIXED(tmp, comval->unknowns_as_longvarchar); if (!SQLWritePrivateProfileString(sectionName, INI_UNKNOWNSASLONGVARCHAR, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->bools_as_char); + ITOA_FIXED(tmp, comval->bools_as_char); if (!SQLWritePrivateProfileString(sectionName, INI_BOOLSASCHAR, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->parse); + ITOA_FIXED(tmp, comval->parse); if (!SQLWritePrivateProfileString(sectionName, INI_PARSE, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->max_varchar_size); + ITOA_FIXED(tmp, comval->max_varchar_size); if 
(!SQLWritePrivateProfileString(sectionName, INI_MAXVARCHARSIZE, tmp, fileName)) errc--; - sprintf(tmp, "%d", comval->max_longvarchar_size); + ITOA_FIXED(tmp, comval->max_longvarchar_size); if (!SQLWritePrivateProfileString(sectionName, INI_MAXLONGVARCHARSIZE, tmp, fileName)) errc--; @@ -1229,7 +1228,7 @@ writeDSNinfo(const ConnInfo *ci) ODBC_INI); if (ci->rollback_on_error >= 0) - sprintf(temp, "7.4-%d", ci->rollback_on_error); + snprintf(temp, sizeof(temp), "7.4-%d", ci->rollback_on_error); else STRCPY_FIXED(temp, NULL_STRING); SQLWritePrivateProfileString(DSN, 
@@ -1247,47 +1246,47 @@ writeDSNinfo(const ConnInfo *ci) SAFE_NAME(ci->pqopt), ODBC_INI); - sprintf(temp, "%d", ci->allow_keyset); + ITOA_FIXED(temp, ci->allow_keyset); SQLWritePrivateProfileString(DSN, INI_UPDATABLECURSORS, temp, ODBC_INI); - sprintf(temp, "%d", ci->lf_conversion); + ITOA_FIXED(temp, ci->lf_conversion); SQLWritePrivateProfileString(DSN, INI_LFCONVERSION, temp, ODBC_INI); - sprintf(temp, "%d", ci->true_is_minus1); + ITOA_FIXED(temp, ci->true_is_minus1); SQLWritePrivateProfileString(DSN, INI_TRUEISMINUS1, temp, ODBC_INI); - sprintf(temp, "%d", ci->int8_as); + ITOA_FIXED(temp, ci->int8_as); SQLWritePrivateProfileString(DSN, INI_INT8AS, temp, ODBC_INI); - sprintf(temp, "%x", getExtraOptions(ci)); + snprintf(temp, sizeof(temp), "%x", getExtraOptions(ci)); SQLWritePrivateProfileString(DSN, INI_EXTRAOPTIONS, temp, ODBC_INI); - sprintf(temp, "%d", ci->bytea_as_longvarbinary); + ITOA_FIXED(temp, ci->bytea_as_longvarbinary); SQLWritePrivateProfileString(DSN, INI_BYTEAASLONGVARBINARY, temp, ODBC_INI); - sprintf(temp, "%d", ci->use_server_side_prepare); + ITOA_FIXED(temp, ci->use_server_side_prepare); SQLWritePrivateProfileString(DSN, INI_USESERVERSIDEPREPARE, temp, ODBC_INI); - sprintf(temp, "%d", ci->lower_case_identifier); + ITOA_FIXED(temp, ci->lower_case_identifier); SQLWritePrivateProfileString(DSN, INI_LOWERCASEIDENTIFIER, temp, ODBC_INI); - sprintf(temp, "%d", ci->gssauth_use_gssapi); + ITOA_FIXED(temp, ci->gssauth_use_gssapi); SQLWritePrivateProfileString(DSN, INI_GSSAUTHUSEGSSAPI, temp, 
@@ -1296,18 +1295,18 @@ writeDSNinfo(const ConnInfo *ci) INI_SSLMODE, ci->sslmode, ODBC_INI); - sprintf(temp, "%d", ci->keepalive_idle); + ITOA_FIXED(temp, ci->keepalive_idle); SQLWritePrivateProfileString(DSN, INI_KEEPALIVETIME, temp, ODBC_INI); - sprintf(temp, "%d", ci->keepalive_interval); + ITOA_FIXED(temp, ci->keepalive_interval); SQLWritePrivateProfileString(DSN, INI_KEEPALIVEINTERVAL, temp, ODBC_INI); #ifdef _HANDLE_ENLIST_IN_DTC_ - sprintf(temp, "%d", ci->xa_opt); + ITOA_FIXED(temp, ci->xa_opt); SQLWritePrivateProfileString(DSN, INI_XAOPT, temp, ODBC_INI); #endif /* _HANDLE_ENLIST_IN_DTC_ */ } @@ -1461,7 +1460,7 @@ encode(const pgNAME in, char *out, int outlen) { if (o + 2 >= outlen) break; - sprintf(&out[o], "%%2B"); + snprintf(&out[o], outlen - o, "%%2B"); o += 3; } else if (isspace((unsigned char) inc)) @@ -1470,7 +1469,7 @@ encode(const pgNAME in, char *out, int outlen) { if (o + 2 >= outlen) break; - sprintf(&out[o], "%%%02x", inc); + snprintf(&out[o], outlen - o, "%%%02x", inc); o += 3; } else @@ -1523,7 +1522,8 @@ decode(const char *in) outs[o++] = ' '; else if (inc == '%') { - sprintf(&outs[o++], "%c", conv_from_hex(&in[i])); + snprintf(&outs[o], ilen + 1 - o, "%c", conv_from_hex(&in[i])); + o++; i += 2; } else diff --git a/dlg_wingui.c b/dlg_wingui.c index ffc2f33..45c6989 100644 --- a/dlg_wingui.c +++ b/dlg_wingui.c @@ -397,7 +397,7 @@ ds_options1Proc(HWND hdlg, sizeof(fbuf)); if (cmd <= 0) STRCPY_FIXED(fbuf, "Advanced Options (%s) 1/3"); - sprintf(strbuf, fbuf, ci->dsn); + SPRINTF_FIXED(strbuf, fbuf, ci->dsn); SetWindowText(hdlg, strbuf); } else @@ -457,7 +457,7 @@ ds_options_update(HWND hdlg, ConnInfo *ci) mylog("%s: got ci = %p\n", __FUNCTION__, ci); /* Readonly */ - sprintf(ci->onlyread, "%d", IsDlgButtonChecked(hdlg, DS_READONLY)); + ITOA_FIXED(ci->onlyread, IsDlgButtonChecked(hdlg, DS_READONLY)); /* Issue rollback command on error */ if (IsDlgButtonChecked(hdlg, DS_NO_ROLLBACK)) 
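Review bot: In the encode() hunk at -1461, the guard `if (o + 2 >= outlen) break;` still admits `outlen - o == 3`, and in that case `snprintf(&out[o], outlen - o, "%%2B")` stores only `%2` plus the terminator while `o += 3` advances as if all three characters were written. The encoded value is then cut in the middle of an escape and `o` is left past a NUL. Changing the guard to `if (o + 3 >= outlen) break;` leaves room for the three characters and the terminator; the `"%%%02x"` write in the next hunk needs the same guard. encode()'s loop starts and ends outside both hunks.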
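Review bot: In the decode() hunk, the `%` branch consumes two further input bytes (`conv_from_hex(&in[i])`, then `i += 2`) without first checking that they exist and are hex digits. If `in` ends in `%` or `%X`, conv_from_hex presumably reads the terminator or the byte after it; its body and the loop header are not in this diff. I would guard the branch with `if (i + 2 < ilen && isxdigit((unsigned char) in[i + 1]) && isxdigit((unsigned char) in[i + 2]))` and copy the `%` literally otherwise. Storing one byte through snprintf is also heavier than needed; `outs[o++] = conv_from_hex(&in[i]);` does the same job where `o` is already within the allocation.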
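Review bot: In the dlg_wingui.c hunk at -397, `fbuf` is the format string of `SPRINTF_FIXED(strbuf, fbuf, ci->dsn);` and is filled at run time, with the literal `"Advanced Options (%s) 1/3"` only as the fallback when `cmd <= 0`. The compiler therefore cannot check its conversions against the single `ci->dsn` argument. The call that loads it ends just above the hunk; if that text comes from a string resource, an entry with a different or extra specifier would make the call read arguments that were never passed. I would keep the loaded text free of conversions and format as `SPRINTF_FIXED(strbuf, "%s (%s)", fbuf, ci->dsn);`, or verify that `fbuf` contains exactly one `%s` before use. The ds_options2Proc hunk at -563 and the hunk at -813 use the same pattern with `buf`.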
@@ -486,9 +486,9 @@ ds_options_update(HWND hdlg, ConnInfo *ci) GetDlgItemText(hdlg, DS_EXTRA_OPTIONS, buf, sizeof(buf)); setExtraOptions(ci, buf, NULL); - sprintf(ci->show_system_tables, "%d", IsDlgButtonChecked(hdlg, DS_SHOWSYSTEMTABLES)); + ITOA_FIXED(ci->show_system_tables, IsDlgButtonChecked(hdlg, DS_SHOWSYSTEMTABLES)); - sprintf(ci->row_versioning, "%d", IsDlgButtonChecked(hdlg, DS_ROWVERSIONING)); + ITOA_FIXED(ci->row_versioning, IsDlgButtonChecked(hdlg, DS_ROWVERSIONING)); ci->lf_conversion = IsDlgButtonChecked(hdlg, DS_LFCONVERSION); ci->true_is_minus1 = IsDlgButtonChecked(hdlg, DS_TRUEISMINUS1); ci->allow_keyset = IsDlgButtonChecked(hdlg, DS_UPDATABLECURSORS); @@ -498,8 +498,8 @@ ds_options_update(HWND hdlg, ConnInfo *ci) ci->gssauth_use_gssapi = IsDlgButtonChecked(hdlg, DS_GSSAUTHUSEGSSAPI); /* OID Options */ - sprintf(ci->fake_oid_index, "%d", IsDlgButtonChecked(hdlg, DS_FAKEOIDINDEX)); - sprintf(ci->show_oid_column, "%d", IsDlgButtonChecked(hdlg, DS_SHOWOIDCOLUMN)); + ITOA_FIXED(ci->fake_oid_index, IsDlgButtonChecked(hdlg, DS_FAKEOIDINDEX)); + ITOA_FIXED(ci->show_oid_column, IsDlgButtonChecked(hdlg, DS_SHOWOIDCOLUMN)); /* Datasource Connection Settings */ { @@ -563,7 +563,7 @@ ds_options2Proc(HWND hdlg, sizeof(fbuf)); if (cmd <= 0) STRCPY_FIXED(fbuf, "Advanced Options (%s) 2/3"); - sprintf(buf, fbuf, ci->dsn); + SPRINTF_FIXED(buf, fbuf, ci->dsn); SetWindowText(hdlg, buf); } else @@ -613,7 +613,7 @@ ds_options2Proc(HWND hdlg, default: CheckDlgButton(hdlg, DS_INT8_AS_DEFAULT, 1); } - sprintf(buf, "0x%x", getExtraOptions(ci)); + SPRINTF_FIXED(buf, "0x%x", getExtraOptions(ci)); SetDlgItemText(hdlg, DS_EXTRA_OPTIONS, buf); CheckDlgButton(hdlg, DS_SHOWOIDCOLUMN, atoi(ci->show_oid_column)); 
@@ -639,12 +639,12 @@ ds_options2Proc(HWND hdlg, { if (ci->keepalive_idle > 0) { - snprintf(buf, sizeof(buf), "%d", ci->keepalive_idle); + ITOA_FIXED(buf, ci->keepalive_idle); SetDlgItemText(hdlg, DS_KEEPALIVETIME, buf); } if (ci->keepalive_interval > 0) { - snprintf(buf, sizeof(buf), "%d", ci->keepalive_interval); + ITOA_FIXED(buf, ci->keepalive_interval); SetDlgItemText(hdlg, DS_KEEPALIVEINTERVAL, buf); } } @@ -813,7 +813,7 @@ mylog("!!!! %s:%d in\n", __FUNCTION__, wMsg); sizeof(fbuf)); if (cmd <= 0) STRCPY_FIXED(fbuf, "Advanced Options (%s) 3/3"); - sprintf(buf, fbuf, ci->dsn); + SPRINTF_FIXED(buf, fbuf, ci->dsn); SetWindowText(hdlg, buf); } else diff --git a/environ.c b/environ.c index 9fe5cb5..11c4207 100644 --- a/environ.c +++ b/environ.c @@ -325,7 +325,7 @@ PGAPI_ConnectError(HDBC hdbc, if (NULL != szSqlState) { if (conn->sqlstate[0]) - STRCPY_FIXED((char *) szSqlState, conn->sqlstate); + strncpy_null((char *) szSqlState, conn->sqlstate, SIZEOF_SQLSTATE); else switch (status) { diff --git a/execute.c b/execute.c index 61cfcaa..9e7cedc 100644 --- a/execute.c +++ b/execute.c @@ -630,7 +630,7 @@ SetStatementSvp(StatementClass *stmt) } if (need_savep) { - sprintf(esavepoint, "_EXEC_SVP_%p", stmt); + SPRINTF_FIXED(esavepoint, "_EXEC_SVP_%p", stmt); snprintf(cmd, sizeof(cmd), "SAVEPOINT %s", esavepoint); res = CC_send_query(conn, cmd, NULL, 0, NULL); if (QR_command_maybe_successful(res)) @@ -680,7 +680,7 @@ CC_is_in_trans(conn), SC_is_rb_stmt(stmt), SC_is_tc_stmt(stmt)); goto cleanup; if (!SC_is_rb_stmt(stmt) && !SC_is_tc_stmt(stmt)) goto cleanup; - sprintf(esavepoint, "_EXEC_SVP_%p", stmt); + SPRINTF_FIXED(esavepoint, "_EXEC_SVP_%p", stmt); if (SQL_ERROR == ret) { if (SC_started_rbpoint(stmt)) diff --git a/info.c b/info.c index c5cc519..138767a 100644 --- a/info.c +++ b/info.c 
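Review bot: In the execute.c hunk at -630, `esavepoint` is formatted from the address of `stmt` with `%p` and then sent to the server in `SAVEPOINT %s`, so a client heap address leaves the process with each such command and can end up in server-side logs. The `%p` text is also implementation-defined and is used here as an unquoted identifier. A counter kept on the connection would give unique savepoint names without exposing addresses. If the address is kept, a comment such as `/* name embeds the statement address; must stay a valid unquoted identifier */` would record the assumption. The -680 hunk rebuilds the same name and has to stay in step with whatever scheme is used.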
@@ -1804,7 +1804,7 @@ retry_public_schema: op_string = gen_opestr(like_or_eq, conn); if (!list_some) { - schema_strcat1(tables_query, " and nspname %s'%.*s'", op_string, escSchemaName, szTableName, cbTableName, conn); + schema_strcat1(tables_query, sizeof(tables_query), " and nspname %s'%.*s'", op_string, escSchemaName, szTableName, cbTableName, conn); if (IS_VALID_NAME(escTableName)) snprintf_add(tables_query, sizeof(tables_query), " and relname %s'%s'", op_string, escTableName); @@ -2262,7 +2262,7 @@ retry_public_schema: { if (escTableName) snprintf_add(columns_query, sizeof(columns_query), " and c.relname %s'%s'", op_string, escTableName); - schema_strcat1(columns_query, " and n.nspname %s'%.*s'", op_string, escSchemaName, szTableName, cbTableName, conn); + schema_strcat1(columns_query, sizeof(columns_query), " and n.nspname %s'%.*s'", op_string, escSchemaName, szTableName, cbTableName, conn); } STRCAT_FIXED(columns_query, ") inner join pg_catalog.pg_attribute a" " on (not a.attisdropped)"); @@ -2770,7 +2770,7 @@ retry_public_schema: snprintf_add(columns_query, sizeof(columns_query), " and c.relname %s'%s'", eq_string, escTableName); /* SchemaName cannot contain a string search pattern */ - schema_strcat1(columns_query, " and u.nspname %s'%.*s'", eq_string, escSchemaName, szTableName, cbTableName, conn); + schema_strcat1(columns_query, sizeof(columns_query), " and u.nspname %s'%.*s'", eq_string, escSchemaName, szTableName, cbTableName, conn); result = PGAPI_AllocStmt(conn, &hcol_stmt, 0); if (!SQL_SUCCEEDED(result)) @@ -3049,7 +3049,7 @@ PGAPI_Statistics(HSTMT hstmt, cbSchemaName = cbTableOwner; table_schemaname[0] = '\0'; - schema_strcat(table_schemaname, "%.*s", szSchemaName, cbSchemaName, szTableName, cbTableName, conn); + schema_strcat(table_schemaname, sizeof(table_schemaname), "%.*s", szSchemaName, cbSchemaName, szTableName, cbTableName, conn); /* * we need to get a list of the field names first, so we can return 
@@ -3666,7 +3666,7 @@ retry_public_schema: if (escSchemaName) free(escSchemaName); escSchemaName = simpleCatalogEscape(szSchemaName, cbSchemaName, conn); - schema_strcat(pkscm, "%.*s", (SQLCHAR *) escSchemaName, SQL_NTS, szTableName, cbTableName, conn); + schema_strcat(pkscm, sizeof(pkscm), "%.*s", (SQLCHAR *) escSchemaName, SQL_NTS, szTableName, cbTableName, conn); } result = PGAPI_BindCol(htbl_stmt, 1, internal_asis_type, @@ -4110,7 +4110,7 @@ PGAPI_ForeignKeys_old(HSTMT hstmt, mylog("%s: entering Foreign Key Case #2", func); escFkTableName = simpleCatalogEscape((SQLCHAR *) fk_table_needed, SQL_NTS, conn); - schema_strcat(schema_needed, "%.*s", szFkTableOwner, cbFkTableOwner, szFkTableName, cbFkTableName, conn); + schema_strcat(schema_needed, sizeof(schema_needed), "%.*s", szFkTableOwner, cbFkTableOwner, szFkTableName, cbFkTableName, conn); escSchemaName = simpleCatalogEscape((SQLCHAR *) schema_needed, SQL_NTS, conn); snprintf(tables_query, sizeof(tables_query), "SELECT pt.tgargs, " " pt.tgnargs, " @@ -4438,7 +4438,7 @@ PGAPI_ForeignKeys_old(HSTMT hstmt, char *escSchemaName; escPkTableName = simpleCatalogEscape((SQLCHAR *) pk_table_needed, SQL_NTS, conn); - schema_strcat(schema_needed, "%.*s", szPkTableOwner, cbPkTableOwner, szPkTableName, cbPkTableName, conn); + schema_strcat(schema_needed, sizeof(schema_needed), "%.*s", szPkTableOwner, cbPkTableOwner, szPkTableName, cbPkTableName, conn); escSchemaName = simpleCatalogEscape((SQLCHAR *) schema_needed, SQL_NTS, conn); snprintf(tables_query, sizeof(tables_query), "SELECT pt.tgargs, " " pt.tgnargs, " 
@@ -5261,7 +5261,7 @@ PGAPI_Procedures(HSTMT hstmt, " as " "PROCEDURE_TYPE" " from pg_catalog.pg_namespace," " pg_catalog.pg_proc" " where pg_proc.pronamespace = pg_namespace.oid"); - schema_strcat1(proc_query, " and nspname %s'%.*s'", op_string, escSchemaName, szProcName, cbProcName, conn); + schema_strcat1(proc_query, sizeof(proc_query), " and nspname %s'%.*s'", op_string, escSchemaName, szProcName, cbProcName, conn); if (IS_VALID_NAME(escProcName)) snprintf_add(proc_query, sizeof(proc_query), " and proname %s'%s'", op_string, escProcName); @@ -5439,7 +5439,7 @@ retry_public_schema: " from pg_catalog.pg_namespace, pg_catalog.pg_class ," " pg_catalog.pg_user where"); if (escSchemaName) - schema_strcat1(proc_query, " nspname %s'%.*s' and", op_string, escSchemaName, szTableName, cbTableName, conn); + schema_strcat1(proc_query, sizeof(proc_query), " nspname %s'%.*s' and", op_string, escSchemaName, szTableName, cbTableName, conn); if (escTableName) snprintf_add(proc_query, sizeof(proc_query), " relname %s'%s' and", op_string, escTableName); @@ -5685,7 +5685,7 @@ PGAPI_ForeignKeys_new(HSTMT hstmt, { mylog("%s: entering Foreign Key Case #2", func); escTableName = simpleCatalogEscape((SQLCHAR *) fk_table_needed, SQL_NTS, conn); - schema_strcat(schema_needed, "%.*s", szFkTableOwner, cbFkTableOwner, szFkTableName, cbFkTableName, conn); + schema_strcat(schema_needed, sizeof(schema_needed), "%.*s", szFkTableOwner, cbFkTableOwner, szFkTableName, cbFkTableName, conn); relqual = "\n and conrelid = c.oid"; } /* @@ -5696,7 +5696,7 @@ PGAPI_ForeignKeys_new(HSTMT hstmt, else if (NULL != pk_table_needed) { escTableName = simpleCatalogEscape((SQLCHAR *) pk_table_needed, SQL_NTS, conn); - schema_strcat(schema_needed, "%.*s", szPkTableOwner, cbPkTableOwner, szPkTableName, cbPkTableName, conn); + schema_strcat(schema_needed, sizeof(schema_needed), "%.*s", szPkTableOwner, cbPkTableOwner, szPkTableName, cbPkTableName, conn); relqual = "\n and confrelid = c.oid"; } else 
diff --git a/mylog.c b/mylog.c index da7ca96..78f20b8 100644 --- a/mylog.c +++ b/mylog.c @@ -409,9 +409,9 @@ writeGlobalLogs() { char temp[10]; - sprintf(temp, "%d", globalDebug); + ITOA_FIXED(temp, globalDebug); SQLWritePrivateProfileString(DBMS_NAME, INI_DEBUG, temp, ODBCINST_INI); - sprintf(temp, "%d", globalCommlog); + ITOA_FIXED(temp, globalCommlog); SQLWritePrivateProfileString(DBMS_NAME, INI_COMMLOG, temp, ODBCINST_INI); return 0; } diff --git a/options.c b/options.c index 6406db7..7b0a432 100644 --- a/options.c +++ b/options.c @@ -261,13 +261,13 @@ set_statement_option(ConnectionClass *conn, if (stmt) { SC_set_error(stmt, STMT_NOT_IMPLEMENTED_ERROR, "Unknown statement option (Set)", func); - sprintf(option, "fOption=%d, vParam=" FORMAT_ULEN, fOption, vParam); + SPRINTF_FIXED(option, "fOption=%d, vParam=" FORMAT_ULEN, fOption, vParam); SC_log_error(func, option, stmt); } if (conn) { CC_set_error(conn, CONN_NOT_IMPLEMENTED_ERROR, "Unknown statement option (Set)", func); - sprintf(option, "fOption=%d, vParam=" FORMAT_ULEN, fOption, vParam); + SPRINTF_FIXED(option, "fOption=%d, vParam=" FORMAT_ULEN, fOption, vParam); CC_log_error(func, option, conn); } @@ -438,7 +438,7 @@ PGAPI_SetConnectOption(HDBC hdbc, char option[64]; CC_set_error(conn, CONN_UNSUPPORTED_OPTION, "Unknown connect option (Set)", func); - sprintf(option, "fOption=%d, vParam=" FORMAT_LEN, fOption, vParam); + SPRINTF_FIXED(option, "fOption=%d, vParam=" FORMAT_LEN, fOption, vParam); #ifdef WIN32 if (fOption == 30002 && vParam) { @@ -569,7 +569,7 @@ PGAPI_GetConnectOption(HDBC hdbc, char option[64]; CC_set_error(conn, CONN_UNSUPPORTED_OPTION, "Unknown connect option (Get)", func); - sprintf(option, "fOption=%d", fOption); + SPRINTF_FIXED(option, "fOption=%d", fOption); CC_log_error(func, option, conn); return SQL_ERROR; break; 
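Review bot: `char temp[10]` in `writeGlobalLogs` holds at most nine characters plus the terminator, so `ITOA_FIXED` now writes a shortened number to the ini file whenever the value needs more; the old `sprintf` would have overrun the buffer instead. If `globalDebug` and `globalCommlog` are plain `int` (their declarations are not in the hunk), twelve bytes cover every value including sign and terminator: `char temp[12];`. The results of both `SQLWritePrivateProfileString` calls are also dropped and the function returns 0 regardless, so a failed or truncated write goes unnoticed.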
@@ -771,7 +771,7 @@ PGAPI_GetStmtOption(HSTMT hstmt, char option[64]; SC_set_error(stmt, STMT_NOT_IMPLEMENTED_ERROR, "Unknown statement option (Get)", func); - sprintf(option, "fOption=%d", fOption); + SPRINTF_FIXED(option, "fOption=%d", fOption); SC_log_error(func, option, stmt); return SQL_ERROR; } diff --git a/parse.c b/parse.c index 65b6113..4f6ef64 100644 --- a/parse.c +++ b/parse.c @@ -432,13 +432,13 @@ static BOOL CheckHasOids(StatementClass * stmt) res = NULL; if (!hasoids && !hassubclass) { - sprintf(query, "select a.attname, a.atttypid from pg_index i, pg_attribute a where indrelid=%u and indnatts=1 and indisunique and indexprs is null and indpred is null and i.indrelid = a.attrelid and a.attnum=i.indkey[0] and attnotnull and atttypid in (%d, %d)", ti->table_oid, PG_TYPE_INT4, PG_TYPE_OID); + SPRINTF_FIXED(query, "select a.attname, a.atttypid from pg_index i, pg_attribute a where indrelid=%u and indnatts=1 and indisunique and indexprs is null and indpred is null and i.indrelid = a.attrelid and a.attnum=i.indkey[0] and attnotnull and atttypid in (%d, %d)", ti->table_oid, PG_TYPE_INT4, PG_TYPE_OID); res = CC_send_query(conn, query, NULL, ROLLBACK_ON_ERROR | IGNORE_ABORT_ON_CONN, NULL); if (QR_command_maybe_successful(res) && QR_get_num_total_tuples(res) > 0) { foundKey = TRUE; STR_TO_NAME(ti->bestitem, QR_get_value_backend_text(res, 0, 0)); - sprintf(query, "\"%s\" = %%", SAFE_NAME(ti->bestitem)); + SPRINTF_FIXED(query, "\"%s\" = %%", SAFE_NAME(ti->bestitem)); if (PG_TYPE_INT4 == (OID) QR_get_value_backend_int(res, 0, 1, NULL)) STRCAT_FIXED(query, "d"); else 
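Review bot: In `CheckHasOids` the second `SPRINTF_FIXED` copies the column name read from the catalog into `query` between double quotes and then appends `%%` plus `d` (the other branch is cut off after `else`), which looks like a printf template kept for later use. A name containing `"` would close the quoted identifier early, and a name containing `%` would add a conversion to the template if it is indeed passed to a printf-style call later; neither character is escaped here. I would double both characters in a local copy of the name before formatting and add a comment such as `/* bestitem goes into a format template: '"' and '%' in the name must be doubled */`. `SPRINTF_FIXED` also relies on `query` being an array, and its declaration is outside the hunk.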
@@ -1306,7 +1306,7 @@ parse_the_statement(StatementClass *stmt, BOOL check_hasoids, BOOL sqlsvr_check) delim = '\0'; token[0] = '\0'; - while (pptr = ptr, (delim != ',') ? STRCPY_FIXED(btoken, token) : (btoken[0] = '\0', NULL), (ptr = getNextToken(conn->ccsc, CC_get_escape(conn), pptr, token, sizeof(token), &delim, "e, &dquote, &numeric)) != NULL) + while (pptr = ptr, (delim != ',') ? strncpy_null(btoken, token, sizeof(btoken)) : (btoken[0] = '\0', NULL), (ptr = getNextToken(conn->ccsc, CC_get_escape(conn), pptr, token, sizeof(token), &delim, "e, &dquote, &numeric)) != NULL) { unquoted = !(quote || dquote); diff --git a/psqlodbc.h b/psqlodbc.h index b037123..7c6db42 100644 --- a/psqlodbc.h +++ b/psqlodbc.h @@ -469,6 +469,9 @@ do { \ /* macro to strcpy() or strcat() to fixed arrays. */ #define STRCPY_FIXED(to, from) strncpy_null((to), (from), sizeof(to)) #define STRCAT_FIXED(to, from) strlcat((to), (from), sizeof(to)) +/* macro to sprintfy() to fixed arrays. */ +#define SPRINTF_FIXED(to, ...) snprintf((to), sizeof(to), __VA_ARGS__) +#define ITOA_FIXED(to, from) snprintf((to), sizeof(to), "%d", from) typedef struct GlobalValues_ { diff --git a/results.c b/results.c index f044de2..5219319 100644 --- a/results.c +++ b/results.c @@ -3393,14 +3393,14 @@ static SQLLEN LoadFromKeyset(StatementClass *stmt, QResultClass * res, int rows_ if (!keys_per_fetch) keys_per_fetch = 2; lodlen = strlen(stmt->load_statement); - sprintf(planname, "_KEYSET_%p", res); + SPRINTF_FIXED(planname, "_KEYSET_%p", res); allen = 8 + strlen(planname) + 3 + 4 * keys_per_fetch + 1 + 1 + 2 + lodlen + 20 + 4 * keys_per_fetch + 1; SC_MALLOC_return_with_error(qval, char, allen, stmt, "Couldn't alloc qval", -1); - sprintf(qval, "PREPARE \"%s\"", planname); + snprintf(qval, allen, "PREPARE \"%s\"", planname); for (j = 0; j < keys_per_fetch; j++) { strlcat(qval, j ? ",tid" : "(tid", allen); 
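Review bot: Both new macros in psqlodbc.h take the bound from `sizeof(to)`, which is the buffer size only when `to` is a real array; with a `char *` argument it is the pointer size and the output is cut to a few bytes without any diagnostic. The comment should say so, e.g. `/* sprintf() into fixed arrays; 'to' must be an array, never a pointer */`, which also fixes the `sprintfy()` typo. `from` should be parenthesized like the other arguments: `#define ITOA_FIXED(to, from) snprintf((to), sizeof(to), "%d", (from))`. Callers that build SQL or identifiers with these macros should compare the returned length with `sizeof(to)`, because truncation is otherwise silent.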
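Review bot: In `LoadFromKeyset` the plan name is built from `%p` of `res`, and the next changed line puts it into the `PREPARE` text, so a heap address of the client process ends up in a statement that is presumably sent to the server and may appear in statement logs. That discloses memory-layout information for no benefit, and the text produced by `%p` is implementation-defined. A counter gives a unique name just as well, e.g. `SPRINTF_FIXED(planname, "_KEYSET_%u", keyset_seq);`, where `keyset_seq` is a placeholder for a per-connection counter that is not part of this patch. The declaration of `planname` and the rest of the function are outside the hunk.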
@@ -3564,7 +3564,7 @@ mylog(" %s in rows_per_fetch=%d limitrow=%d\n", __FUNCTION__, rows_per_fetch, li SC_MALLOC_return_with_error(qval, char, allen, stmt, "Couldn't alloc qval", -1); } - sprintf(qval, "%.*sfrom %s where ctid in (", (int) from_pos, load_stmt, ti_quote(stmt, new_oid)); + snprintf(qval, allen, "%.*sfrom %s where ctid in (", (int) from_pos, load_stmt, ti_quote(stmt, new_oid)); } if (new_oid != oid) oid = new_oid; diff --git a/statement.c b/statement.c index 2069404..b06beab 100644 --- a/statement.c +++ b/statement.c @@ -663,7 +663,7 @@ SC_set_prepared(StatementClass *stmt, int prepared) QResultClass *res; char dealloc_stmt[128]; - sprintf(dealloc_stmt, "DEALLOCATE \"%s\"", stmt->plan_name); + SPRINTF_FIXED(dealloc_stmt, "DEALLOCATE \"%s\"", stmt->plan_name); res = CC_send_query(conn, dealloc_stmt, NULL, IGNORE_ABORT_ON_CONN | ROLLBACK_ON_ERROR, NULL); QR_Destructor(res); } diff --git a/tuple.c b/tuple.c index 7c2f53f..6c0f76d 100644 --- a/tuple.c +++ b/tuple.c @@ -49,7 +49,7 @@ set_tuplefield_int2(TupleField *tuple_field, Int2 value) { char buffer[10]; - sprintf(buffer, "%d", value); + ITOA_FIXED(buffer, value); tuple_field->len = (Int4) (strlen(buffer) + 1); /* +1 ... is this correct (better be on the save side-...) */ @@ -62,7 +62,7 @@ set_tuplefield_int4(TupleField *tuple_field, Int4 value) { char buffer[15]; - sprintf(buffer, "%d", value); + ITOA_FIXED(buffer, value); tuple_field->len = (Int4) (strlen(buffer) + 1); /* +1 ... is this correct (better be on the save side-...) */
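Review bot: In `SC_set_prepared`, `dealloc_stmt` has 128 bytes and `stmt->plan_name` goes into it unescaped between double quotes. If the name does not fit, the statement now loses its closing quote and is presumably rejected by the server; the result is destroyed unchecked, so the plan would stay allocated with no trace. Testing the macro's result keeps that visible: `if (SPRINTF_FIXED(dealloc_stmt, "DEALLOCATE \"%s\"", stmt->plan_name) >= (int) sizeof(dealloc_stmt))`, followed by a log call and skipping the send. Whether plan names can reach that length, or contain a `"`, depends on code outside the hunk.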