"Christopher Kings-Lynne" <[EMAIL PROTECTED]> writes:
>> src/backend/port/dynloader/freebsd.c
> This one is perhaps dodgy. You have this:
> static char error_message[BUFSIZ];
> Then you have this:
> sprintf(error_message, "dlopen (%s) not supported", file);
> Where file isn't restricted i
> I've just finished a quick grep through the backend sources for
> "sprintf", and identified the following files as containing possible
> problems:
> src/backend/port/dynloader/freebsd.c
This one is perhaps dodgy. You have this:
static char error_message[BUFSIZ];
Then you have this:
"Christopher Kings-Lynne" <[EMAIL PROTECTED]> writes:
> ... Anyway, who cares about printfs
> when stuff like select cash_out(2) is documented?
Well, they're two different issues. The cash_out problem is
intrinsically difficult to fix, and *will* break user-defined datatypes
when we fix it --- s
> I see one unsubstantiated allegation about PG intermixed with a ton
> of content-free navel-gazing. Don't waste my time.
For instance, when I submitted patches for fulltextindex 7.2 it freely used
unchecked sprintf's everywhere. Even now I'm not sure what'll happen if a
malicious user really
On Mon, 12 Aug 2002, Justin Clift wrote:
> Hi everyone,
>
> Whilst looking around for some more PostgreSQL related stuff, this
> message turned up:
>
> http://mail.wirex.com/pipermail/sardonix/2002-February/51.html
>
> The interesting bit is in an email message included about halfway
> do
Justin Clift <[EMAIL PROTECTED]> writes:
> Whilst looking around for some more PostgreSQL related stuff, this
> message turned up:
> http://mail.wirex.com/pipermail/sardonix/2002-February/51.html
I see one unsubstantiated allegation about PG intermixed with a ton
of content-free navel-gazing.