Re: strncpy is not a safe version of strcpy - Mailing list pgsql-hackers

From Kevin Grittner
Subject Re: strncpy is not a safe version of strcpy
Date
Msg-id 1407941707.96962.YahooMailNeo@web122302.mail.ne1.yahoo.com
In response to Re: strncpy is not a safe version of strcpy  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Kevin Grittner <kgrittn@ymail.com> writes:
>
>> I am concerned that failure to check for truncation could allow
>> deletion of unexpected files or directories.
>
> I believe that we deal with this by the expedient of checking the
> lengths of tablespace paths in advance, when the tablespace is
> created.

As long as it is covered.

I would point out that when strlcpy is used it returns a size_t
which can be directly compared to one of the arguments passed in
(in this case MAXPGPATH) to detect whether the name was truncated
for the cost of an integer compare (probably in registers).  No
additional scan of the data is needed.

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
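
The truncation check described in the message above, written out as an added example (not part of the original post and not PostgreSQL's own code). The names `demo_strlcpy` and `copy_path_checked` are hypothetical, the value given to `MAXPGPATH` is assumed for the example, and the sample path is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXPGPATH 1024          /* assumed buffer size for this example */

/* Local stand-in for strlcpy (hypothetical name), since not every libc
 * ships one. Copies at most size-1 bytes, always NUL-terminates when
 * size > 0, and returns strlen(src) so the caller can detect truncation. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0)
    {
        size_t n = (srclen < size - 1) ? srclen : size - 1;

        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Copy a path into dst. Returns 0 on success, -1 if the path did not fit.
 * Detecting truncation costs one integer compare against the size that
 * was passed in; the data is not scanned a second time. */
static int copy_path_checked(char *dst, size_t dstsize, const char *path)
{
    if (demo_strlcpy(dst, path, dstsize) >= dstsize)
    {
        if (dstsize > 0)
            dst[0] = '\0';      /* never hand back a shortened path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char        buf[MAXPGPATH];
    const char *path = "demo_tblspc/dir_a/dir_b";   /* constructed sample */

    if (copy_path_checked(buf, sizeof(buf), path) != 0)
        fprintf(stderr, "path too long, refusing to operate on it\n");
    else
        printf("using path: %s\n", buf);
    return 0;
}
```

With `strncpy` the same over-long input would leave `dst` filled and unterminated and give the caller no length to compare, so a separate scan would be needed to notice the truncation.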
