Re: Overruns (was: 'pgsql/src/backend/lib stringinfo.c') - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Overruns (was: 'pgsql/src/backend/lib stringinfo.c')
Date
Msg-id 199812122103.QAA04669@candle.pha.pa.us
Whole thread Raw
In response to Overruns (was: 'pgsql/src/backend/lib stringinfo.c')  (Goran Thyni <goran@bildbasen.se>)
List pgsql-hackers
> > Does this remove the need for vsnprintf?
> 
> I don't think so,
> vsprintf is still used if 6 places in to src tree, 5 of them is in
> the backend. Each of these should be examined to determent wheater
> those can be rewritten or if vsnprintf is needed.
> 
> To make matter worse:
> 
> guevara-goran# pwd
> /usr/local/src/cvs/pgsql/src
> guevara-goran# grep -n sprintf `find .` | wc -l
>     875
> guevara-goran# cd backend/
> guevara-goran# grep -n sprintf `find .` | wc -l
>     474
> 
> Their is lot of potential overruns in there,
> and since pgsql is a net(-able) server we
> should take that seriously.
> 
> I will look closer at these issues as time permits. 


Added to TODO:
* fix any sprintf() overruns* add portable vsnprintf()


--  Bruce Momjian                        |  http://www.op.net/~candle maillist@candle.pha.pa.us            |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026
 


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: OK now :-) was Re: [HACKERS] regression tests
Next
From: Bruce Momjian
Date:
Subject: Re: [HACKERS] memory leak with Abort Transaction