Replace static buf with a stack-allocated one in 'seg' extension

The buffer is used only locally within the function. Also, the
initialization to '0' characters was unnecessary, the initial content
were always overwritten with sprintf(). I don't understand why it was
done that way, but it's been like that since forever.

In the passing, change from sprintf() to snprintf(). The buffer was
long enough so sprintf() was fine, but this makes it more obvious that
there's no risk of a buffer overflow.

Reviewed-by: Robert Haas
Discussion: https://www.postgresql.org/message-id/7f86e06a-98c5-4ce3-8ec9-3885c8de0358@iki.fi

1 files changed, 4 insertions, 10 deletions

diff --git a/contrib/seg/segparse.y b/contrib/seg/segparse.y
index 729d4b6390b..9635c3af6e6 100644
--- a/contrib/seg/segparse.y
+++ b/contrib/seg/segparse.y
@@ -29,14 +29,6 @@ static bool seg_atof(char *value, float *result, struct Node *escontext);
 
 static int sig_digits(const char *value);
 
-static char strbuf[25] = {
-	'0', '0', '0', '0', '0',
-	'0', '0', '0', '0', '0',
-	'0', '0', '0', '0', '0',
-	'0', '0', '0', '0', '0',
-	'0', '0', '0', '0', '\0'
-};
-
 %}
 
 /* BISON Declarations */
@@ -69,11 +61,13 @@ static char strbuf[25] = {
 
 range: boundary PLUMIN deviation
 	{
+		char		strbuf[25];
+
 		result->lower = $1.val - $3.val;
 		result->upper = $1.val + $3.val;
-		sprintf(strbuf, "%g", result->lower);
+		snprintf(strbuf, sizeof(strbuf), "%g", result->lower);
 		result->l_sigd = Max(sig_digits(strbuf), Max($1.sigd, $3.sigd));
-		sprintf(strbuf, "%g", result->upper);
+		snprintf(strbuf, sizeof(strbuf), "%g", result->upper);
 		result->u_sigd = Max(sig_digits(strbuf), Max($1.sigd, $3.sigd));
 		result->l_ext = '\0';
 		result->u_ext = '\0';