Thread

  1. Overruns (was: 'pgsql/src/backend/lib stringinfo.c')

    Goran Thyni <goran@bildbasen.se> — 1998-11-09T08:40:54Z

    Bruce Momjian wrote:
    > 
    > > Update of /usr/local/cvsroot/pgsql/src/backend/lib
    > > In directory hub.org:/tmp/cvs-serv21717
    > >
    > > Modified Files:
    > >       stringinfo.c
    > > Log Message:
    > > Fix a potential infinite loop in appendStringInfo: would lock
    > > up if first string to be appended to an empty StringInfo was longer
    > > than the initial space allocation.
    > > Also speed it up slightly.
    > 
    > Does this remove the need for vsnprintf?
    
    I don't think so,
    vsprintf is still used if 6 places in to src tree, 5 of them is in
    the backend. Each of these should be examined to determent wheater
    those can be rewritten or if vsnprintf is needed.
    
    To make matter worse:
    
    guevara-goran# pwd
    /usr/local/src/cvs/pgsql/src
    guevara-goran# grep -n sprintf `find .` | wc -l
        875
    guevara-goran# cd backend/
    guevara-goran# grep -n sprintf `find .` | wc -l
        474
    
    Their is lot of potential overruns in there,
    and since pgsql is a net(-able) server we
    should take that seriously.
    
    I will look closer at these issues as time permits. 
    
    	mvh,
    -- 
    ---------------------------------------------
    Göran Thyni, sysadm, JMS Bildbasen, Kiruna