Em ter., 15 de jun. de 2021 às 15:48, Andres Freund <andres@anarazel.de> escreveu:
Hi,
On 2021-06-15 13:53:08 -0400, Tom Lane wrote: > Andres Freund <andres@anarazel.de> writes: > > On 2021-06-15 07:40:46 -0300, Ranier Vilela wrote: > >> memcpy would not suffer from it? > > > It'd not be correct for short sqlstates - you'd read beyond the end of > > the source buffer. There are cases of it in the ecpg code. > > What's a "short SQLSTATE"? They're all five characters by definition.
I thought there were places that just dealt with "00" etc. And there are - but it's just comparisons.
I still don't fully feel comfortable just using memcpy() though, given that the sqlstates originate remotely / from libpq, making it hard to rely on the fact that the buffer "ought to" always be at least 5 bytes long? As far as I can tell there's no enforcement of PQresultErrorField(..., PG_DIAG_SQLSTATE) being that long.
And replacing with snprintf, what do you guys think?
n = snprintf(sqlca->sqlstate, sizeof(sqlca->sqlstate), "%s", sqlstate); Assert(n >= 0 && n < sizeof(sqlca->sqlstate));