Permalink
Checking mergeability…
Don’t worry, you can still create the pull request.
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 2 commits
- 14 files changed
- 2 contributors
Commits on Jan 16, 2026
Commits on Jan 23, 2026
-
fix: Replace sprintf with snprintf in dsinterval.c and yminterval.c
This fixes critical buffer overflow vulnerabilities where multiple sprintf() calls write to buffers without bounds checking. The fix adds: 1. A bufsize parameter to AppendSeconds() function in both files 2. remaining_bufsize tracking in EncodeDsinterval() and EncodeYminterval() 3. All sprintf() calls replaced with snprintf() using proper bounds This prevents memory corruption and potential crashes when formatting interval values with large precision values. Affected lines: - dsinterval.c: 709, 711, 715, 722, 724, 791, 807, 816, 820, 826 - yminterval.c: 293, 295, 301, 303, 306, 308, 376, 390, 399, 403, 409 Co-Authored-By: Claude <noreply@anthropic.com>
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff master...master