| From: | "ragetron99" <ragetron99(at)gmail(dot)com> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #2672: stored procedure argument and return type length validation |
| Date: | 2006-10-03 18:39:00 |
| Message-ID: | 200610031839.k93Id0Ju050790@wwwmaster.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged online:
Bug reference: 2672
Logged by: ragetron99
Email address: ragetron99(at)gmail(dot)com
PostgreSQL version: 8.1.4
Operating system: irrelevant
Description: stored procedure argument and return type length
validation
Details:
PgSQL doesn't seem to perform length validation for variable-length types
used as arguments or return values in a stored procedure. The oidvector in
pg_proc used as the function signature seems to be the only type-related
specification that exists. Why are stored procedures (and whatever
functionality invokes them) expected to manually validate inputs in this
manner instead of having it automatically enforced?
$ create or replace function hello_tom_lane(varchar(3)) returns varchar(3)
as 'select $1;' language sql;
CREATE FUNCTION
$ select hello_tom_lane('hello tom lane why is this not limited to three
characters?');
hello_tom_lane
-------------------------------------------------------------
hello tom lane why is this not limited to three characters?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris Browne | 2006-10-03 19:02:32 | Re: BUG #2658: Query not using index |
| Previous Message | Graham Davis | 2006-10-03 18:20:49 | Re: BUG #2658: Query not using index |