From bfe5d73c162d2d1f761a639a0aa33aad6a9eb54e Mon Sep 17 00:00:00 2001 From: "H.Merijn Brand - Tux" Date: Wed, 27 May 2026 11:16:50 +0200 Subject: [PATCH] Fix possible stack overflow (old issue already noted by Tim) --- ChangeLog | 3 ++- DBI.xs | 7 ++----- Makefile.PL | 1 + dbixs_rev.h | 4 ++-- lib/DBI/Changes.pm | 6 +++++- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1cc1a294..798fe364 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,8 @@ -1.648 - 2025-03-14, H.Merijn Brand +1.648 - 2025-05-27, H.Merijn Brand * Correct sprintf usage for trace_msg (issue#132) * Add DBIXS_VERSION & DBIXS_RELEASE to dbixs_rev.h * Remove -Wbad-function-cast + * Fix possible stack overflow (old issue already noted by Tim) 1.647 - 2025-01-20, H.Merijn Brand * Spellcheck diff --git a/DBI.xs b/DBI.xs index 331eff13..ee9d2c28 100644 --- a/DBI.xs +++ b/DBI.xs @@ -4000,7 +4000,6 @@ XS(XS_DBI_dispatch) SV **statement_svp = NULL; const int is_warning = (!SvTRUE(err_sv) && strlen(SvPV_nolen(err_sv))==1); const char *err_meth_name = meth_name; - char intro[200]; if (meth_type == methtype_set_err) { SV **sem_svp = hv_fetchs((HV*)SvRV(h), "dbi_set_err_method", GV_ADDWARN); @@ -4008,10 +4007,8 @@ XS(XS_DBI_dispatch) err_meth_name = SvPV_nolen(*sem_svp); } - /* XXX change to vsprintf into sv directly */ - sprintf(intro,"%s %s %s: ", HvNAME(DBIc_IMP_STASH(imp_xxh)), err_meth_name, - SvTRUE(err_sv) ? "failed" : is_warning ? "warning" : "information"); - msg = sv_2mortal(newSVpv(intro,0)); + msg = sv_2mortal(newSVpvf("%s %s %s: ", HvNAME(DBIc_IMP_STASH(imp_xxh)), err_meth_name, + SvTRUE(err_sv) ? "failed" : is_warning ? "warning" : "information")); if (SvOK(DBIc_ERRSTR(imp_xxh))) sv_catsv(msg, DBIc_ERRSTR(imp_xxh)); else diff --git a/Makefile.PL b/Makefile.PL index dd2d895b..0f40e638 100644 --- a/Makefile.PL +++ b/Makefile.PL 
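Review bot: Nothing in this commit pins the fix with a regression test: the diffstat lists five files and none is a test, so the `newSVpvf(...)` call that replaces the unbounded `sprintf` into `char intro[200]` could later be swapped back to a fixed buffer without any failure. `err_meth_name` can come from the handle's `dbi_set_err_method` entry (first DBI.xs hunk) and the class name from `HvNAME(...)`, neither of which is length-checked in the visible lines, so a test that produces an error message from a class or method name longer than 200 bytes would cover the case. I would also put a why-comment at the call, e.g. `/* intro built in an SV: class/method names have no fixed length bound */`, in place of the removed XXX note. Separately, `%s` stops at the first NUL byte and ignores any UTF-8 flag on the `dbi_set_err_method` value; if such names are possible, that may be worth confirming. XS_DBI_dispatch starts and ends outside both hunks.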
@@ -364,6 +364,7 @@ ptest: all .PHONY: doc change changes spellcheck checkpod newdist changes: $(changes_pm1) doc: + perl dbixs_rev.pl perl doc/make-doc.pl --pod spellcheck checkpod: doc pod-spell-check -i -a doc/*.pod diff --git a/dbixs_rev.h b/dbixs_rev.h index 3ef8f3db..8b230dc0 100644 --- a/dbixs_rev.h +++ b/dbixs_rev.h @@ -1,4 +1,4 @@ -/* Fri Mar 14 15:13:25 2025 */ +/* Wed May 27 11:14:14 2026 */ #define DBIXS_RELEASE 1 #define DBIXS_VERSION 648 -#define DBIXS_REVISION 1705 +#define DBIXS_REVISION 1719 diff --git a/lib/DBI/Changes.pm b/lib/DBI/Changes.pm index 855e89d2..8fbbedcc 100644 --- a/lib/DBI/Changes.pm +++ b/lib/DBI/Changes.pm @@ -12,7 +12,7 @@ DBI::Changes - List of significant changes to the DBI =encoding UTF-8 -=head2 Changes in DBI 1.648 - 14 Mar 2025 +=head2 Changes in DBI 1.648 - 27 May 2025 =over 2 @@ -28,6 +28,10 @@ Add DBIXS_VERSION & DBIXS_RELEASE to dbixs_rev.h Remove -Wbad-function-cast +=item * + +Fix possible stack overflow (old issue already noted by Tim) + =back =head2 Changes in DBI 1.647 - 20 Jan 2025
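Review bot: The added `perl dbixs_rev.pl` recipe line makes the `doc` target regenerate a header that is compiled into the XS module (presumably `dbixs_rev.h`, whose timestamp and `DBIXS_REVISION` change in this same commit), so building documentation now dirties a tracked source file. If that is meant only for release preparation, a comment on the recipe saying so, or moving the call to a release-only target, would avoid surprise revision churn. The line also runs whichever `perl` is first in PATH, as the existing `perl doc/make-doc.pl --pod` line does; the MakeMaker variable `$(FULLPERL)` would tie it to the interpreter that configured the build, assuming the postamble's quoting allows `$(`. The postamble continues outside the hunk.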