[Pgpool-hackers] [Pgpool-committers] pgpool - pgpool-II: Major cleanup for strncpy().
Guillaume Lelarge
guillaume at lelarge.info
Thu Oct 13 06:35:15 UTC 2011
On Thu, 13 Oct 2011 15:13:19 +0900 (JST), Tatsuo Ishii
<ishii at sraoss.co.jp> wrote:
> I did major cleanup regarding questionable usage of strncpy() as
> stated below. Most of them are harmless since database names and
> tables names aren't that large to raise my concern. Probably the worst
> one is this:
>
> strncpy(query_string_buffer, query, sizeof(query_string_buffer));
>
> "query" represents user supplied SQL. It is possible that machine
> generated query gets far bigger than sizeof(query_string_buffer)
> (which is 1024 bytes) in the real world. I'm not sure if this has
> actually caused problems but...
I sure had a number of customers and users with more than 1024 characters
queries. They weren't pgpool users but they could have been. It was a
problem to fix.
--
Guillaume
http://www.postgresql.fr
http://dalibo.com
More information about the Pgpool-hackers
mailing list