Quick Links

Re: 回复: 回复: Fix potential overflow risks from wcscpy and sprintf

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Yan Haibo <haibo(dot)yan(at)hotmail(dot)com>
Cc:	Peter Eisentraut <peter(at)eisentraut(dot)org>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: 回复: 回复: Fix potential overflow risks from wcscpy and sprintf
Date:	2025-06-16 19:46:54
Message-ID:	658992.1750103214@sss.pgh.pa.us
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Yan Haibo <haibo(dot)yan(at)hotmail(dot)com> writes:
> Regarding the use of wcsncpy with LOCALE_NAME_MAX_LENGTH - 1, it is a precaution in case the input string is not null-terminated.

I don't think it's a "precaution". I think it's introducing a real
bug (that is, failure on a locale name of exactly the max allowed
length) to prevent a hypothetical bug.

regards, tom lane

In response to

回复: 回复: Fix potential overflow risks from wcscpy and sprintf at 2025-06-16 19:20:38 from Yan Haibo

Responses

回复: 回复: 回复: Fix potential overflow risks from wcscpy and sprintf at 2025-06-17 03:12:38 from Yan Haibo

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Ranier Vilela	2025-06-16 19:48:16	Avoid possible dereference null pointer (contrib/postgres_fdw/postgres_fdw.c)
Previous Message	Tomas Vondra	2025-06-16 19:45:43	Re: No error checking when reading from file using zstd in pg_dump