Re: may be a buffer overflow problem
| От | Tom Lane |
|---|---|
| Тема | Re: may be a buffer overflow problem |
| Дата | |
| Msg-id | 3520930.1718678561@sss.pgh.pa.us обсуждение |
| Ответ на | Re: may be a buffer overflow problem (Andres Freund <andres@anarazel.de>) |
| Ответы |
Re: may be a buffer overflow problem
|
| Список | pgsql-hackers |
Andres Freund <andres@anarazel.de> writes:
> On 2024-06-17 23:52:54 +0200, Daniel Gustafsson wrote:
>> Since sqlca is, according to our docs, present in other database systems we
>> should probably keep it a 5-char array for portability reasons. Adding a
>> padding character should be fine though.
> How about, additionally, adding __attribute__((nonstring))? Wrapped in an
> attribute, of course. That'll trigger warning for many unsafe uses, like
> strlen().
What I was advocating for is that we make it *safe* for strlen, not
that we double down on awkward, non-idiomatic, unsafe coding
practices.
Admittedly, I'm not sure how we could persuade compilers that
a char[5] followed by a char field is a normal C string ...
regards, tom lane
В списке pgsql-hackers по дате отправления: