Re: [Resend] Sprintf() auditing and a patch - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: [Resend] Sprintf() auditing and a patch
Date
Msg-id 200208291843.g7TIhSs14454@candle.pha.pa.us
In response to Re: [Resend] Sprintf() auditing and a patch  (Neil Conway <neilc@samurai.com>)
List pgsql-hackers
Neil Conway wrote:
> If you're interested, another common source of problems is integer
> overflow when dealing with numeric input from the user. In fact, far
> more security problems have been caused by insufficient integer
> overflow checking than by string handling bugs.

One other thing that bothers me is cases where we allocate memory to
hold the ASCII representation of an integer, but instead of using a
macro that documents this fact, we use a constant, and different
constants in different places.  That should be cleaned up.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
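The two points raised in this exchange, checking integer overflow on numeric input and sizing the buffer for an integer's decimal text from one documented macro rather than scattered literals, as an added example. This is not PostgreSQL code and not from either poster; the macro names MAX_DECIMAL_DIGITS and MAX_INT_STRLEN and the function names are hypothetical, and the input strings are constructed for the demonstration.

```c
/* Added example, not PostgreSQL code: size integer-to-text buffers from one
 * documented macro and check for overflow when parsing user-supplied numbers. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Maximum number of decimal digits the value of an integer TYPE can need:
 * each 3 bits need at most one decimal digit (2^3 = 8 < 10), plus one digit
 * for the rounding of the division. MAX_INT_STRLEN adds room for a sign
 * and the terminating NUL. One macro (hypothetical name) replaces scattered
 * literals such as 11, 12 or 20 and documents why the size is what it is. */
#define MAX_DECIMAL_DIGITS(type) ((sizeof(type) * CHAR_BIT) / 3 + 1)
#define MAX_INT_STRLEN(type)     (MAX_DECIMAL_DIGITS(type) + 2)

/* Render v as decimal text into buf, which must hold at least
 * MAX_INT_STRLEN(long) bytes. Returns the number of characters written
 * (excluding the NUL), or -1 if buf is too small or snprintf failed. */
int format_long(long v, char *buf, size_t buflen)
{
    int n;
    if (buflen < MAX_INT_STRLEN(long))
        return -1;
    n = snprintf(buf, buflen, "%ld", v);
    if (n < 0 || (size_t) n >= buflen)
        return -1;
    return n;
}

/* Parse user-supplied text as a long. Returns 0 and stores the value on
 * success; returns -1 on empty input, trailing garbage, or an out-of-range
 * value. strtol clamps on overflow and reports it only through errno, so
 * errno is reset before the call and inspected after it. */
int parse_long_checked(const char *s, long *out)
{
    char *end;
    long v;
    if (s == NULL || *s == '\0')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE)
        return -1;
    if (end == s || *end != '\0')
        return -1;
    *out = v;
    return 0;
}

/* Narrow a checked long to int: the usual place an overflow slips through
 * when a parsed value is later used as a length, count or allocation size. */
int narrow_to_int(long v, int *out)
{
    if (v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int) v;
    return 0;
}

int main(void)
{
    /* Constructed inputs: in range, out of int range, out of long range,
     * trailing garbage, empty. */
    const char *inputs[] = {
        "2147483647", "2147483648", "99999999999999999999999999", "12abc", ""
    };
    char buf[MAX_INT_STRLEN(long)];
    long v;
    int i;
    size_t k;

    for (k = 0; k < sizeof inputs / sizeof inputs[0]; k++) {
        if (parse_long_checked(inputs[k], &v) != 0)
            printf("%-28s rejected (overflow or malformed)\n", inputs[k]);
        else if (narrow_to_int(v, &i) != 0)
            printf("%-28s parsed as long, but does not fit in int\n", inputs[k]);
        else
            printf("%-28s ok: %d\n", inputs[k], i);
    }

    format_long(LONG_MIN, buf, sizeof buf);
    printf("LONG_MIN as text: %s (%zu bytes reserved)\n", buf, sizeof buf);
    return 0;
}
```

The buffer size comes out slightly generous (24 bytes for a 64-bit long whose longest text is 21 bytes including the NUL), which is the point: the macro errs on the safe side in one place instead of each call site guessing a literal.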
 

