Quick Links

Re: Unbounded %s in sscanf

From:	Daniel Gustafsson <daniel(at)yesql(dot)se>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: Unbounded %s in sscanf
Date:	2021-06-28 14:45:53
Message-ID:	FC507F06-7199-435C-A3EF-0087278E44E8@yesql.se
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

> On 28 Jun 2021, at 16:02, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Ugh. Shouldn't we instead modify the format to read not more than
> two characters? Even if this is safe on non-malicious input, it
> doesn't seem like good style.

No disagreement, I was only basing it on what is in the tree. I would propose
that we change the sscanf in _LoadBlobs() too though to eliminate all such
callsites, even though that one is even safer. I'll prepare a patch once more
caffeine has been ingested.

--
Daniel Gustafsson https://vmware.com/

In response to

Re: Unbounded %s in sscanf at 2021-06-28 14:02:46 from Tom Lane

Responses

Re: Unbounded %s in sscanf at 2021-07-03 20:18:54 from Daniel Gustafsson

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Andrew Dunstan	2021-06-28 14:50:56	Re: pgindent run
Previous Message	Tom Lane	2021-06-28 14:44:42	Re: pgindent run