Home > mailing lists

Re: pgsql: Add new escaping functions PQescapeLiteral and - Mailing list pgsql-committers

From	Robert Haas
Subject	Re: pgsql: Add new escaping functions PQescapeLiteral and
Date	January 21, 2010 16:40:10
Msg-id	603c8f071001210939o49ccd1c5u6c7d7c276452bc8a@mail.gmail.com Whole thread Raw
In response to	Re: pgsql: Add new escaping functions PQescapeLiteral and (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-committers

Tree view

On Thu, Jan 21, 2010 at 12:37 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> rhaas@postgresql.org (Robert Haas) writes:
>> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.
>
> Minor gripe: this loop test is unsafe:
>
> +       /* Scan the string for characters that must be escaped. */
> +       for (s = str; *s != '\0' && (s - str) < len; ++s)
>
> Should check len first, else you might be fetching a byte that isn't
> there.

Good catch.

> On a stylistic level, shouldn't as_ident be declared bool not int?

Stupid bool.  Real programmers use int, except when they just program
in assembly directly.

...Robert

pgsql-committers by date:

From: Tom Lane
Date: 21 January 2010, 16:37:39
Subject: Re: pgsql: Add new escaping functions PQescapeLiteral and

From: rhaas@postgresql.org (Robert Haas)
Date: 21 January 2010, 17:43:38
Subject: pgsql: Fix unsafe loop test, and declare as_ident as bool rather than

Re: pgsql: Add new escaping functions PQescapeLiteral and - Mailing list pgsql-committers

Previous

Next