On Thu, Jan 14, 2010 at 8:46 PM, Robert Haas <robertmhaas@gmail.com> wrote:
> I have yet to fully review the code but on a quick glance it looks reasonable.
On further review, it looks less reasonable. :-(
The new PQescapeIdentConn function is basically a cut-up version of
PQescapeStringInternal, which seems like a reasonable foundation, but
it rips out a little too much - specifically:
1. the length argument,
2. the size_t return value,
3. the portion of the handling for incomplete multibyte characters
that prevents us from overrunning the output buffer on a maliciously
constructed (or unlucky) input string, and
4. some relevant comments.
I'm inclined to think we should put all of that stuff back, but
certainly #3 at a minimum.
...Robert