Thread: Documentation of maximum input string lengths

Hi all,

I've just been thinking that the documentation doesn't cover the maximum
input string lengths for various data types well. Case in point, the
date/time code: there was a fair amount of discussion about validation
input, including checking for 'unreasonable' string lengths. Unless you
went and poked around the code, you couldn't know that the maximum string
length for a date/time string is 52 bytes.

So, the question is this: should there be documentation of the maximum
string length of a data structure so that application programmers can
provide string length validation? Perhaps MAXDATELEN and other static
values in adt/ should be put in pg_config.h so that the user does not need
to hard code them? Perhaps it is a bad idea, since programmers should also
do other validation, such as ensuring that a submitted date/time value
is what the program(mer) is expecting?

Gavin

Gavin Sherry <swm@linuxworld.com.au> writes:
> So, the question is this: should there be documentation of the maximum
> string length of a data structure so that application programmers can
> provide string length validation?

I don't think so; that's just going to make it harder to fix things if,
say, one day we need to support longer timezone names than we do today.
The more places that know about these limits the worse it will be.

The date buffer overrun bug was a backend bug, nothing more nor less,
and it was *not* the frontends' responsibility to guard against.
        regards, tom lane