Neil Conway <neilc@samurai.com> writes:
> I'll put this on the back-burner for now, and repost a complete
> patch later if I get around to it.

I've applied the following patch (since I'd already gone ahead and
done the work) that replaces appendStringInfo(buf, "%s", str) with
appendStringInfoString(buf, str).

It occurred to me that there is a potential security problem with code
like:

    char *my_str;
    my_str = read_from_an_untrusted_source();
    appendStringInfo(buf, my_str);

If my_str contains any formatting characters, this crashes the
backend. I'm not sure if there are any actual exploitable instances of
this in the backend, but the above unsafe coding practice is fairly
common.

-Neil
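
The difference between the calls discussed in this message, as an added example that is not part of the original message or of PostgreSQL's code. DemoBuf, demo_append_fmt, demo_append_str and demo_run are hypothetical stand-ins for StringInfo, appendStringInfo and appendStringInfoString, and the input string is constructed so that using it as a format stays well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size stand-in for StringInfo; not PostgreSQL's code. */
typedef struct { char data[128]; size_t len; } DemoBuf;

/* Like appendStringInfo(buf, fmt, ...): fmt is parsed by vsnprintf. */
void demo_append_fmt(DemoBuf *b, const char *fmt, ...)
{
    size_t room = sizeof(b->data) - b->len;   /* includes the NUL */
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(b->data + b->len, room, fmt, ap);
    va_end(ap);
    if (n > 0)
        b->len += ((size_t) n < room) ? (size_t) n : room - 1;
}

/* Like appendStringInfoString(buf, str): bytes are copied, never parsed. */
void demo_append_str(DemoBuf *b, const char *s)
{
    size_t room = sizeof(b->data) - b->len - 1, n = strlen(s);

    if (n > room)
        n = room;
    memcpy(b->data + b->len, s, n);
    b->len += n;
    b->data[b->len] = '\0';
}

/* Constructed input. "%%" consumes no argument, so using it as a format is
 * well defined; "%s" or "%d" here would fetch arguments that do not exist. */
const char *demo_input = "disk 90%% full";

/* mode 0: input as the format (unsafe pattern); 1: "%s" + data; 2: literal. */
const char *demo_run(int mode, DemoBuf *b)
{
    memset(b, 0, sizeof(*b));
    if (mode == 0)
        demo_append_fmt(b, demo_input);
    else if (mode == 1)
        demo_append_fmt(b, "%s", demo_input);
    else
        demo_append_str(b, demo_input);
    return b->data;
}
```

Mode 0 stores different text from modes 1 and 2 because the input was parsed as a format, which is the same interpretation that leads to the crash described above when the input carries argument-consuming conversions.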