| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
| Cc: | "Justin Clift" <justin(at)postgresql(dot)org>, "PostgreSQL Hackers Mailing List" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Interesting message about printf()'s in PostgreSQL |
| Date: | 2002-08-12 06:35:17 |
| Message-ID: | 28308.1029134117@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> writes:
>> src/backend/port/dynloader/freebsd.c
> This one is perhaps dodgy. You ahve this:
> static char error_message[BUFSIZ];
> Then you have this:
> sprintf(error_message, "dlopen (%s) not supported", file);
> Where file isn't restricted in length I think...
Yeah. In practice I'm not sure there's a problem --- the callers may
all limit the filename string to MAXPGPATH, which is well below BUFSIZ.
But changing the sprintf to snprintf is a cheap, localized way to be
sure.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mario Weilguni | 2002-08-12 06:38:21 | Re: OOP real life example (was Re: Why is MySQL more chosen |
| Previous Message | Christopher Kings-Lynne | 2002-08-12 06:31:34 | Re: Interesting message about printf()'s in PostgreSQL |