On 2026-Mar-24, Thiago Caserta wrote:
> Hi hackers,
>
> Attached is a patch that converts several sprintf() calls to
> snprintf() in libpq client library code. While the existing buffers
> are currently sized correctly, using snprintf() provides an
> additional safety net against potential buffer overflows and is
> consistent with the project's general direction of preferring bounded
> string operations.
I'm not sure we should take a patch with a tag attributing authorship to
an LLM owned by a commercial entity. I think some US court already
ruled that LLMs aren't entitled to copyright for works of art, so I
suspect we don't need to make any such attribution.
On the other hand, the proposed patch is quite dumb, since at least the
first hunk shows duplicated strlen(). So it's not clear to me that this
patch really achieves the claimed "additional safety net".
Do we really want to be accepting code patches written by tools that
make the most obvious code worse than before? I am quite scared of the
quality of code of medium complexity written by this tool.
--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
"Los trabajadores menos efectivos son sistematicamente llevados al lugar
donde pueden hacer el menor daño posible: gerencia." (El principio Dilbert)
