Jacob Champion <pchamp...@vmware.com> writes:
> What would you think about a src/port of asprintf()? Maybe libpq
> doesn't change quickly enough to worry about it, but having developers
> revisit stack allocation for strings every time they target the libpq
> parts of the code seems like a recipe for security problems.

The existing convention is to use pqexpbuffer.c, which seems strictly
cleaner and more robust than asprintf. In particular its behavior
under OOM conditions is far easier/safer to work with. Maybe we should
consider moving that into src/common/ so that it can be used by code
that's not tightly bound into libpq?

regards, tom lane
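
The OOM point in the reply comes down to a latched error: pqexpbuffer marks a buffer "broken" on allocation failure (tested with `PQExpBufferBroken()`) and later appends become no-ops, so one check covers a whole sequence, whereas every asprintf() return value must be checked individually. The following is an added sketch of that pattern, not code from this thread and not the pqexpbuffer.c source; `sbuf`, `sbuf_appendf`, `xrealloc`, `fail_allocs` and `build_conninfo` are hypothetical names, and the OOM condition is simulated.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical sticky-error buffer; names (sbuf_*) are not PostgreSQL's. */
typedef struct { char *data; size_t len, cap; int broken; } sbuf;
static int fail_allocs = 0;   /* constructed hook: nonzero simulates OOM */
static void *xrealloc(void *p, size_t n) { return fail_allocs ? NULL : realloc(p, n); }

/* Release storage and latch the error so later appends become no-ops. */
static void sbuf_mark_broken(sbuf *b) {
    free(b->data);
    b->data = NULL; b->len = b->cap = 0; b->broken = 1;
}

static void sbuf_appendf(sbuf *b, const char *fmt, ...) {
    va_list ap; int need;
    if (b->broken) return;                 /* sticky: no per-call check needed */
    va_start(ap, fmt);
    need = vsnprintf(NULL, 0, fmt, ap);    /* measure first, never truncate */
    va_end(ap);
    if (need < 0) { sbuf_mark_broken(b); return; }
    if (b->len + (size_t) need + 1 > b->cap) {
        size_t ncap = (b->len + (size_t) need + 1) * 2;
        char *p = xrealloc(b->data, ncap);
        if (p == NULL) { sbuf_mark_broken(b); return; }
        b->data = p; b->cap = ncap;
    }
    va_start(ap, fmt);
    vsnprintf(b->data + b->len, b->cap - b->len, fmt, ap);
    va_end(ap);
    b->len += (size_t) need;
}

/* Three appends, one error check at the end; caller frees the result. */
static char *build_conninfo(const char *host, int port, const char *user) {
    sbuf b = { NULL, 0, 0, 0 };
    sbuf_appendf(&b, "host=%s ", host);
    sbuf_appendf(&b, "port=%d ", port);
    sbuf_appendf(&b, "user=%s", user);
    return b.broken ? NULL : b.data;
}

int main(void) {
    char *s = build_conninfo("db.example", 5432, "app");  /* constructed input */
    puts(s ? s : "out of memory");
    free(s);
    return 0;
}
```

With asprintf() the same function needs three checked calls plus cleanup of the intermediate strings on each failure path, and glibc leaves the output pointer undefined when the call fails.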