2010/1/16 Robert Haas <robertmhaas(at)gmail(dot)com>:
> On Thu, Jan 14, 2010 at 8:46 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>> I have yet to fully review the code but on a quick glance it looks reasonable.
> On further review, it looks less reasonable. :-(
> The new PQescapeIdentConn function is basically a cut-up version of
> PQescapeStringInternal, which seems like a reasonable foundation, but
> it rips out a little too much - specifically:
> 1. the length argument,
> 2. the size_t return value,
> 3. the portion of the handling for incomplete multibyte characters
> that prevents us from overrunning the output buffer on a maliciously
> constructed (or unlucky) input string, and
> 4. some relevant comments.
Yes, I didn't repeat parameter's pattern from PQescapeStringConn, I
would to simplify interface but I hasn't problem to modify it to same
I rewrote patch so now interface for PQescapeIdentConn is same as
@3. I though so the protection under incomplete multibyte chars are
enought - missing bytes are replaced by space - like
PQescapeStringConn does. But now - mechanism is exactly same, so this
problem should be solved.
> I'm inclined to think we should put all of that stuff back, but
> certainly #3 at a minimum.
In response to
pgsql-hackers by date
|Next:||From: Peter Eisentraut||Date: 2010-01-17 19:05:43|
|Subject: Git out of sync vs. CVS|
|Previous:||From: Tom Lane||Date: 2010-01-17 17:29:55|
|Subject: Fixing handling of constraint triggers|