On 2022-May-02, Bharath Rupireddy wrote:
> Hi,
>
> I came across pg_toupper and pg_tolower functions, converting a single
> character, are being used in loops to convert an entire
> null-terminated string. The cost of calling these character-based
> conversion functions (even though small) can be avoided if we have two
> new functions pg_strtoupper and pg_strtolower.
Currently, pg_toupper/pg_tolower are used in very limited situations.
Are they really always safe enough to run in arbitrary situations,
enough to create this new layer on top of them? Reading the comment on
pg_tolower, "the whole thing is a bit bogus for multibyte charsets", I
worry that we might create security holes, either now or in future
callsites that use these new functions.
Consider that in the Turkish locale you lowercase an I (single-byte
ASCII character) with a dotless-i (two bytes). So overwriting the input
string is not a great solution.
--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
"Nunca se desea ardientemente lo que solo se desea por razón" (F. Alexandre)