[PATCH v1] Replace sprintf() with snprintf() in libpq for safety Anexo: o arquivo - Mailing list pgsql-hackers

From Thiago Caserta
Subject [PATCH v1] Replace sprintf() with snprintf() in libpq for safety Anexo: o arquivo
Date
Msg-id CPYP284MB1221DDF51A8E74C19F07F74EC948A@CPYP284MB1221.BRAP284.PROD.OUTLOOK.COM
Responses Re: [PATCH v1] Replace sprintf() with snprintf() in libpq for safety Anexo: o arquivo
List pgsql-hackers
Hi hackers,

Attached is a patch that converts several sprintf() calls to snprintf() in libpq client library code. While the existing buffers are currently sized correctly, using snprintf() provides an additional safety net against potential buffer overflows and is consistent with the project's general direction of preferring bounded string operations.

Changes:
  - fe-auth.c: SSPI target string construction
  - fe-connect.c: client encoding query formatting
  - fe-exec.c: notice message formatting
  - fe-print.c: format string construction
  - win32.c: Windows socket error messages

The patch applies cleanly against current HEAD (dd5716f3c74) and passes git diff --check with no whitespace issues. No functional changes are introduced (this is a safety hardening change only).

Best regards,
Thiago Caserta
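
A caveat for conversions like the ones listed above, shown as an added example that is not part of the original message or the attached patch: snprintf() stops the overflow but truncates silently unless its return value is checked. The helper build_target() and the sample service and host values are hypothetical, chosen to resemble a "service/host" target string.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not libpq code): build "service/host" into a
 * caller-supplied buffer. Returns 0 on success, -1 if the result did not
 * fit or formatting failed. On failure the buffer is set to "" so that a
 * truncated target is never used by mistake.
 */
static int
build_target(char *dst, size_t dstlen, const char *service, const char *host)
{
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;

    n = snprintf(dst, dstlen, "%s/%s", service, host);

    /* n < 0: output error; n >= dstlen: the output was truncated */
    if (n < 0 || (size_t) n >= dstlen)
    {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int
main(void)
{
    char exact[14];             /* strlen("postgres/db01") + 1 */
    char small[8];              /* constructed: too small on purpose */
    int  rc;

    rc = build_target(exact, sizeof(exact), "postgres", "db01");
    printf("%d \"%s\"\n", rc, exact);

    rc = build_target(small, sizeof(small), "postgres", "db01");
    printf("%d \"%s\"\n", rc, small);
    return 0;
}
```

Without the return-value check, the second call would leave "postgre" in the buffer, a well-formed but wrong string that later code would accept.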