Overruns (was: 'pgsql/src/backend/lib stringinfo.c')

Bruce Momjian wrote:
> 
> > Update of /usr/local/cvsroot/pgsql/src/backend/lib
> > In directory hub.org:/tmp/cvs-serv21717
> >
> > Modified Files:
> >       stringinfo.c
> > Log Message:
> > Fix a potential infinite loop in appendStringInfo: would lock
> > up if first string to be appended to an empty StringInfo was longer
> > than the initial space allocation.
> > Also speed it up slightly.
> 
> Does this remove the need for vsnprintf?

I don't think so,
vsprintf is still used if 6 places in to src tree, 5 of them is in
the backend. Each of these should be examined to determent wheater
those can be rewritten or if vsnprintf is needed.

To make matter worse:

guevara-goran# pwd
/usr/local/src/cvs/pgsql/src
guevara-goran# grep -n sprintf `find .` | wc -l   875
guevara-goran# cd backend/
guevara-goran# grep -n sprintf `find .` | wc -l   474

Their is lot of potential overruns in there,
and since pgsql is a net(-able) server we
should take that seriously.

I will look closer at these issues as time permits. 
mvh,
-- 
---------------------------------------------
Göran Thyni, sysadm, JMS Bildbasen, Kiruna