Re: may be a buffer overflow problem
| От | Peter Eisentraut |
|---|---|
| Тема | Re: may be a buffer overflow problem |
| Дата | |
| Msg-id | d7368e2d-f5af-49b2-80bd-31ec8c611834@eisentraut.org обсуждение исходный текст |
| Ответ на | Re: may be a buffer overflow problem (Andres Freund <andres@anarazel.de>) |
| Список | pgsql-hackers |
On 18.06.24 04:35, Andres Freund wrote: > On 2024-06-17 23:52:54 +0200, Daniel Gustafsson wrote: >> Since sqlca is, according to our docs, present in other database systems we >> should probably keep it a 5-char array for portability reasons. Adding a >> padding character should be fine though. > > How about, additionally, adding __attribute__((nonstring))? Wrapped in an > attribute, of course. That'll trigger warning for many unsafe uses, like > strlen(). > > It doesn't quite detect the problematic case in ecpg_log() though, seems it > doesn't understand fprintf() well enough (it does trigger in simple printf() > cases, because they get reduced to puts(), which it understands). See also <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115513>. > Adding nonstring possibly allow us to re-enable -Wstringop-truncation, Note that that would only work because we now always use our own snprintf(), which is not covered by that option. I mean, we could still do it, but it's not like the reasons we originally disabled that option have actually gone away.
В списке pgsql-hackers по дате отправления: