| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | David Rowley <dgrowleyml(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Kevin Grittner <kgrittn(at)ymail(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Tomas Vondra <tv(at)fuzzy(dot)cz>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: strncpy is not a safe version of strcpy |
| Date: | 2014-08-16 03:26:55 |
| Message-ID: | 20140816032655.GA361872@tornado.leadboat.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Aug 16, 2014 at 10:38:39AM +1200, David Rowley wrote:
> On Thu, Aug 14, 2014 at 4:13 PM, Noah Misch <noah(at)leadboat(dot)com> wrote:
>
> > I share your (Kevin's) discomfort with our use of strlcpy(). I wouldn't
> > mind
> > someone replacing most strlcpy()/snprintf() calls with calls to wrappers
> > that
> > ereport(ERROR) on truncation. Though as reliability problems go, this one
> > has
> > been minor.
> >
> >
> Or maybe it would be better to just remove the restriction and just palloc
> something of the correct size?
> Although, that sounds like a much larger patch. I'd vote that the strlcpy
> should be used in the meantime.
I agree that, in principle, dynamic allocation might be better still. I also
agree that it would impose more code churn, for an awfully-narrow benefit.
Barring objections, I will commit your latest patch with some comments about
why truncation is harmless for those two particular calls.
--
Noah Misch
EnterpriseDB http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2014-08-16 03:31:03 | Sample LDIF for pg_service.conf no longer works |
| Previous Message | Noah Misch | 2014-08-16 03:00:01 | Re: Removing dependency to wsock32.lib when compiling code on WIndows |