Re: Re: [COMMITTERS] pgsql: Prevent the injection of invalidly encoded strings by PL/Python

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Re: [COMMITTERS] pgsql: Prevent the injection of invalidly encoded strings by PL/Python
Date: 2010-03-22 23:48:04
Message-ID: 1269301684.14588.33.camel@vanquo.pezone.net
Lists: pgsql-committers, pgsql-hackers

On mån, 2010-03-22 at 19:29 -0400, Tom Lane wrote:
> Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> > I have never used Tcl before just now, and the documentation is sketchy,
> > but it looks like the behavior of Tcl is kind of mixed in this area.
> 
> > Escapes such as "\xd0" are apparently converted to Unicode code points
> > rather than bytes when the appropriate OS locale is set.  So that is
> > safe.  Except that it doesn't work in some locale/charset setups, such
> > as EUC_JP.  To adapt Hannu's original example:
> 
> The pltcl code special-cases Unicode IIRC.

You can observe the equivalent behavior in tclsh, so this isn't pltcl at
work here.

One might argue that the leak is really somewhere in Tcl, since it
allows this kind of thing while claiming to use Unicode.  But that
doesn't really help us ...

