Re: pg17.3 PQescapeIdentifier() ignores len
Ranier Vilela <ranier.vf@gmail.com>
From: Ranier Vilela <ranier.vf@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Justin Pryzby <pryzby@telsasoft.com>, pgsql-hackers@lists.postgresql.org
Date: 2025-02-13T19:19:36Z
Lists: pgsql-hackers
Em qui., 13 de fev. de 2025 às 16:05, Tom Lane <tgl@sss.pgh.pa.us> escreveu: > Ranier Vilela <ranier.vf@gmail.com> writes: > > Interesting, Coverity has some new reports regarding PQescapeIdentifier. > > > CID 1591290: (#1 of 1): Out-of-bounds access (OVERRUN) > > 2. alloc_strlen: Allocating insufficient memory for the terminating null > of > > the string. [Note: The source code implementation of the function has > been > > overridden by a builtin model.] > > That's not new, we've been seeing those for awhile. I've been > ignoring them on the grounds that (a) if the code actually had such a > problem, valgrind testing would have found it, and (b) the message is > saying in so many words that they're ignoring our code in favor of > somebody's apparently-inaccurate model of said code. > Thanks Tom, extra care is needed when analyzing these reports. best regards, Ranier Vilela
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Fix PQescapeLiteral()/PQescapeIdentifier() length handling
- 1f7a05324524 13.20 landed
- 985908df1811 14.17 landed
- 22ffbbf24db4 15.12 landed
- 111f4dd273c8 16.8 landed
- a92db3d02dbd 17.4 landed
- efdadeb2238f 18.0 landed