Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> writes:
> So, the question is this: should there be documentation of the maximum
> string length of a data structure so that application programmers can
> provide string length validation?
I don't think so; that's just going to make it harder to fix things if,
say, one day we need to support longer timezone names than we do today.
The more places that know about these limits the worse it will be.
The date buffer overrun bug was a backend bug, nothing more nor less,
and it was *not* the frontends' responsibility to guard against.
regards, tom lane