| From: | Thiago Caserta <caserta(at)movestax(dot)com> |
|---|---|
| To: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [PATCH v1] Replace sprintf() with snprintf() in libpq for safety Attachment: the file |
| Date: | 2026-03-24 19:57:21 |
| Message-ID: | CPYP284MB1221DDF51A8E74C19F07F74EC948A@CPYP284MB1221.BRAP284.PROD.OUTLOOK.COM |
| Lists: | pgsql-hackers |
Hi hackers,
Attached is a patch that converts several sprintf() calls to snprintf() in libpq client library code. While the existing buffers are currently sized correctly, using snprintf() provides an additional safety net against potential buffer overflows and is consistent with the project's general direction of preferring bounded string operations.
Changes:
- fe-auth.c: SSPI target string construction
- fe-connect.c: client encoding query formatting
- fe-exec.c: notice message formatting
- fe-print.c: format string construction
- win32.c: Windows socket error messages
The patch applies cleanly against current HEAD (dd5716f3c74) and passes git diff --check with no whitespace issues. No functional changes are introduced (this is a safety hardening change only).
Best regards,
Thiago Caserta
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Replace-sprintf-with-snprintf-in-libpq-for-safety.patch | application/octet-stream | 3.9 KB |
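
An added example, not taken from the attached patch or from libpq, of the sprintf() to snprintf() conversion the message describes. It shows the check that has to accompany the change: snprintf() truncates silently unless the caller inspects its return value. The helper `build_target`, the "service/host" layout, the 16-byte buffer and the sample names are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not libpq code): format "service/host" into dst.
 * Returns 0 on success, -1 if the result did not fit or formatting failed.
 */
static int
build_target(char *dst, size_t dstlen, const char *service, const char *host)
{
	int			n;

	if (dst == NULL || dstlen == 0)
		return -1;

	/* Unbounded original form would be: sprintf(dst, "%s/%s", service, host); */
	/* snprintf writes at most dstlen bytes, including the terminating NUL. */
	n = snprintf(dst, dstlen, "%s/%s", service, host);

	/*
	 * n < 0 means an output error.  n >= dstlen means the output was
	 * truncated; n is the length the full string would have had.  Fail in
	 * both cases instead of continuing with a shortened name.
	 */
	if (n < 0 || (size_t) n >= dstlen)
	{
		dst[0] = '\0';
		return -1;
	}
	return 0;
}

int
main(void)
{
	char		buf[16];	/* constructed size, small enough to show truncation */

	/* Constructed inputs: the first fits, the second needs 25 bytes. */
	if (build_target(buf, sizeof(buf), "postgres", "db1") == 0)
		printf("ok: %s\n", buf);
	if (build_target(buf, sizeof(buf), "postgres", "db1.example.com") != 0)
		printf("rejected: result does not fit in %zu bytes\n", sizeof(buf));
	return 0;
}
```

Where buffers are already sized correctly, as the message states, the truncation branch is never taken; it matters only if a later change makes an input longer than the buffer allows.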