Re: appendStringInfoString() micro-opt - Mailing list pgsql-patches

From Tom Lane
Subject Re: appendStringInfoString() micro-opt
Date
Msg-id 27366.1075527739@sss.pgh.pa.us
In response to Re: appendStringInfoString() micro-opt  (Neil Conway <neilc@samurai.com>)
List pgsql-patches
Neil Conway <neilc@samurai.com> writes:
> It occurred to me that there is a potential security problem with code
> like:

> char *my_str;
> my_str = read_from_an_untrusted_source();
> appendStringInfo(buf, my_str);

> If my_str contains any formatting characters, this crashes the
> backend. I'm not sure if there are any actual exploitable instances of
> this in the backend, but the above unsafe coding practise is fairly
> common.

It is?  I thought I'd gone around and checked for that.  If you see any
remaining cases then I'd say they are must-fix items.

            regards, tom lane
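
Added example (not part of the original messages and not PostgreSQL source): a small C stand-in for a StringInfo-style buffer, showing that the quoted pattern alters untrusted text while the "%s" form and a verbatim append preserve it. DemoBuf, the demo_* functions and the sample input are assumptions constructed for illustration; the input contains only "%%", so the unsafe call stays well-defined here.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a StringInfo-style buffer (fixed size for the demo). */
typedef struct { char data[128]; size_t len; } DemoBuf;
/* Constructed sample of untrusted text; "%%" keeps the unsafe call well-defined. */
static const char CONSTRUCTED_INPUT[] = "50%% off";

/* printf-style append: fmt is interpreted, so it must be a trusted literal. */
static void demo_append_fmt(DemoBuf *b, const char *fmt, ...)
{
    size_t room = sizeof(b->data) - b->len - 1;
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(b->data + b->len, room + 1, fmt, ap);
    va_end(ap);
    if (n > 0) b->len += ((size_t) n < room) ? (size_t) n : room;
}

/* Verbatim append: bytes are copied and never interpreted. */
static void demo_append_str(DemoBuf *b, const char *s)
{
    size_t room = sizeof(b->data) - b->len - 1;
    size_t n = strlen(s);
    if (n > room) n = room;
    memcpy(b->data + b->len, s, n);
    b->len += n;
    b->data[b->len] = '\0';
}

/* Returns 1 if the buffer equals input after the append, else 0.
 * mode 0: input as the format; mode 1: "%s" with input; mode 2: verbatim copy. */
int append_preserves_input(const char *input, int mode)
{
    DemoBuf b = { "", 0 };
    if (mode == 0) demo_append_fmt(&b, input);   /* pattern from the quoted message */
    else if (mode == 1) demo_append_fmt(&b, "%s", input);
    else demo_append_str(&b, input);
    return strcmp(b.data, input) == 0;
}

int main(void)
{
    for (int m = 0; m < 3; m++)
        printf("mode %d preserves input: %d\n", m, append_preserves_input(CONSTRUCTED_INPUT, m));
    return 0;
}
```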
