Re: Incorrect usage of strtol, atoi for non-numeric junk inputs - Mailing list pgsql-hackers

From Bharath Rupireddy
Subject Re: Incorrect usage of strtol, atoi for non-numeric junk inputs
Date
Msg-id CALj2ACWAGQGFqzKYzCVm17DxEJGVj9f+yThcZkQSRFPs6dABLQ@mail.gmail.com
Whole thread Raw
In response to Re: Incorrect usage of strtol, atoi for non-numeric junk inputs  (Alvaro Herrera <alvherre@alvh.no-ip.org>)
Responses Re: Incorrect usage of strtol, atoi for non-numeric junk inputs
List pgsql-hackers
On Fri, Jun 4, 2021 at 8:58 PM Alvaro Herrera <alvherre@alvh.no-ip.org> wrote:
>
> On 2021-Jun-04, Bharath Rupireddy wrote:
>
> > On Thu, May 27, 2021 at 3:05 AM Alvaro Herrera <alvherre@alvh.no-ip.org> wrote:
> > > Hi, how is this related to
> > > https://postgr.es/m/20191028012000.GA59064@begriffs.com ?
> >
> > Thanks. The proposed approach there was to implement postgres's own
> > strtol i.e. string parsing, conversion to integers and use it in the
> > places where atoi is being used. I'm not sure how far that can go.
> > What I'm proposing here is to use strtol inplace of atoi to properly
> > detect errors in case of inputs like '1211efe', '-14adc' and so on as
> > atoi can't detect such errors. Thoughts?
>
> Well, if you scroll back to Surafel's initial submission in that thread,
> it looks very similar in spirit to what you have here.
>
> Another thing I just noticed which I hadn't realized is that Joe
> Nelson's patch depends on Fabien Coelho's patch in this other thread,
> https://www.postgresql.org/message-id/flat/alpine.DEB.2.21.1904201223040.29102@lancre
> which was closed as returned-with-feedback, I suppose mostly due to
> exhaustion/frustration at the lack of progress/interest.
>
> I would suggest that the best way forward in this area is to rebase both
> there patches on current master.

Thanks. I will read both the threads [1], [2] and try to rebase the
patches. If at all I get to rebase them, do you prefer the patches to
be in this thread or in a new thread?

[1] - https://www.postgresql.org/message-id/flat/alpine.DEB.2.21.1904201223040.29102@lancre
[2] - https://www.postgresql.org/message-id/20191028012000.GA59064@begriffs.com

With Regards,
Bharath Rupireddy.



pgsql-hackers by date:

Previous
From: Pavel Stehule
Date:
Subject: Re: security_definer_search_path GUC
Next
From: Andrew Dunstan
Date:
Subject: pg_upgrade don't echo windows commands