----- Original Message -----
From: "Neil Conway" <neilc@samurai.com>
> Fair enough -- if the other code in that area uses the same style,
> that's fine. It's worth noting that if the format string changes
> between calls to the function, you may end up writing off the end of
> your malloc'ed buffer -- since the GUC var can be set only after a
> SIGHUP, I believe this can't happen, but IMHO it speaks to the
> hokiness of using static variables unless really necessary.
>
Actually, the code is written to ensure it *NEVER* overflows the buffer. The
result might be truncated but never overflowed. It doesn't require a format
change - if a user has long user/dbnames and uses them more than once in the
format string that will ensure a result which but for the overflow checks
would cause overflow ('%U%D%U%D' could do it) but actually causes
truncation.
Of course, I could parse the string when setting up the buffer looking for
the number of expansions required. Instead I made the (I think reasonable)
assumption that each possible expansion would be wanted at most once.
andrew