From b11964b6940d9d643164d6dbaf63a5df1880e975 Mon Sep 17 00:00:00 2001
From: Jake Owen <owjco@amazon.com>
Date: Wed, 7 Aug 2024 22:12:06 +0000
Subject: [PATCH] Add boundary checks for string modification

Signed-off-by: Jake Owen <owjco@amazon.com>
---
 contrib/babelfishpg_tsql/src/pl_handler.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/contrib/babelfishpg_tsql/src/pl_handler.c b/contrib/babelfishpg_tsql/src/pl_handler.c
index 4ed614880bc..cf4372e63aa 100644
--- a/contrib/babelfishpg_tsql/src/pl_handler.c
+++ b/contrib/babelfishpg_tsql/src/pl_handler.c
@@ -4283,9 +4283,9 @@ static void bbf_func_ext_update_proc_definition(Oid oid)
 				}
 				appendStringInfoChar(&infoSchemaStr, original_query[i]);
 			}
-			else if(original_query[i] == '/' && original_query[i + 1] == '*' && i < strlen(original_query))
+			else if(i + 1 < strlen(original_query) && original_query[i] == '/' && original_query[i + 1] == '*')
 			{
-				while(original_query[i] != '*' && original_query[i+1] != '/')
+				while(i + 1 < strlen(original_query) && original_query[i] != '*' && original_query[i+1] != '/')
 				{
 					appendStringInfoChar(&infoSchemaStr, original_query[i]);
 					i++;
@@ -4294,7 +4294,7 @@ static void bbf_func_ext_update_proc_definition(Oid oid)
 				appendStringInfoChar(&infoSchemaStr, original_query[i+1]);
 				i++;
 			}
-			else if(strncasecmp(original_query + i, "alter", 5) == 0)
+			else if(i + 5 < strlen(original_query) && strncasecmp(original_query + i, "alter", 5) == 0)
 			{
 				// Change alter to create, add rest of characters, and update
 				appendStringInfoString(&infoSchemaStr, "CREATE");