| From: | Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> |
|---|---|
| To: | Paul A Jungwirth <pj(at)illuminatedcomputing(dot)com> |
| Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: SQL:2011 Application Time Update & Delete |
| Date: | 2025-11-14 08:38:31 |
| Message-ID: | 9B820A52-D2F6-465D-B258-6FE8EBA59FAE@gmail.com |
| Lists: | pgsql-hackers |
> On Nov 14, 2025, at 12:10, Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> wrote:
>
> 21 - 0008 - ri_triggers.c
> ```
> + quoteOneName(attname,
> + RIAttName(fk_rel, riinfo->fk_attnums[i]));
> ```
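Review bot: in the `quoteOneName(attname, ...)` call, the destination buffer `attname` is passed without a length argument, and its declaration falls outside the quoted lines, so this hunk alone does not show that the buffer can hold a fully quoted column name. Include the declaration of `attname` in the context, or confirm it uses the same quoted-name buffer size as the other quoteOneName() destinations in ri_triggers.c.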
>
> This patch uses quoteOneName() a lot. This function simply adds double quotes without much checking, which is unsafe. I think quote_identifier() is preferred.
I looked further and realized that quoteOneName() is widely used in ri_triggers.c, and the dest strings are all defined with a size of MAX_QUOTED_REL_NAME_LEN.
So I take back comment 21.
Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/