From: Tom Lane Date: Sun, 9 May 2010 02:16:00 +0000 (+0000) Subject: Adjust comments about avoiding use of printf's %.*s. X-Git-Tag: REL9_0_BETA2~169 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ed437e2b27c48219a78f3504b0d05c17c2082d02;p=postgresql Adjust comments about avoiding use of printf's %.*s. My initial impression that glibc was measuring the precision in characters (which is what the Linux man page says it does) was incorrect. It does take the precision to be in bytes, but it also tries to truncate the string at a character boundary. The bottom line remains the same: it will mess up if the string is not in the encoding it expects, so we need to avoid %.*s anytime there's a significant risk of that. Previous code changes are still good, but adjust the comments to reflect this knowledge. Per research by Hernan Gonzalez. --- diff --git a/src/backend/parser/scansup.c b/src/backend/parser/scansup.c index 417c79dd14..94082f77a0 100644 --- a/src/backend/parser/scansup.c +++ b/src/backend/parser/scansup.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/parser/scansup.c,v 1.40 2010/05/08 16:39:49 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/parser/scansup.c,v 1.41 2010/05/09 02:15:59 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -178,8 +178,8 @@ truncate_identifier(char *ident, int len, bool warn) if (warn) { /* - * Cannot use %.*s here because some machines interpret %s's - * precision in characters, others in bytes. + * We avoid using %.*s here because it can misbehave if the data + * is not valid in what libc thinks is the prevailing encoding. */ char buf[NAMEDATALEN]; diff --git a/src/backend/tsearch/wparser_def.c b/src/backend/tsearch/wparser_def.c index d2e47ceaf5..cda28103c2 100644 --- a/src/backend/tsearch/wparser_def.c +++ b/src/backend/tsearch/wparser_def.c @@ -7,7 +7,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/tsearch/wparser_def.c,v 1.31 2010/05/08 16:39:49 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/tsearch/wparser_def.c,v 1.32 2010/05/09 02:15:59 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -323,10 +323,9 @@ TParserInit(char *str, int len) #ifdef WPARSER_TRACE /* - * Use of %.*s here is not portable when the string contains multibyte - * characters: some machines interpret the length in characters, others - * in bytes. Since it's only a debugging aid, we haven't bothered to - * fix this. + * Use of %.*s here is a bit risky since it can misbehave if the data + * is not in what libc thinks is the prevailing encoding. However, + * since this is just a debugging aid, we choose to live with that. */ fprintf(stderr, "parsing \"%.*s\"\n", len, str); #endif diff --git a/src/backend/utils/adt/datetime.c b/src/backend/utils/adt/datetime.c index 743ca8345d..65d2b875f0 100644 --- a/src/backend/utils/adt/datetime.c +++ b/src/backend/utils/adt/datetime.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/adt/datetime.c,v 1.211 2010/05/08 16:39:51 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/utils/adt/datetime.c,v 1.212 2010/05/09 02:15:59 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -3741,11 +3741,9 @@ EncodeDateTime(struct pg_tm * tm, fsec_t fsec, int *tzp, char **tzn, int style, AppendTimestampSeconds(str + strlen(str), tm, fsec); /* - * Note: the uses of %.*s in this function would be unportable - * if the timezone names ever contain non-ASCII characters, - * since some platforms think the string length is measured - * in characters not bytes. However, all TZ abbreviations in - * the Olson database are plain ASCII. + * Note: the uses of %.*s in this function would be risky if the + * timezone names ever contain non-ASCII characters. However, all + * TZ abbreviations in the Olson database are plain ASCII. */ if (tzp != NULL && tm->tm_isdst >= 0) diff --git a/src/bin/psql/print.c b/src/bin/psql/print.c index 1d73fd5790..86e8a09a13 100644 --- a/src/bin/psql/print.c +++ b/src/bin/psql/print.c @@ -3,7 +3,7 @@ * * Copyright (c) 2000-2010, PostgreSQL Global Development Group * - * $PostgreSQL: pgsql/src/bin/psql/print.c,v 1.125 2010/05/08 16:39:52 tgl Exp $ + * $PostgreSQL: pgsql/src/bin/psql/print.c,v 1.126 2010/05/09 02:15:59 tgl Exp $ */ #include "postgres_fe.h" @@ -255,8 +255,8 @@ format_numeric_locale(const char *my_str) /* * fputnbytes: print exactly N bytes to a file * - * Think not to use fprintf with a %.*s format for this. Some machines - * believe %s's precision is measured in characters, others in bytes. + * We avoid using %.*s here because it can misbehave if the data + * is not valid in what libc thinks is the prevailing encoding. */ static void fputnbytes(FILE *f, const char *str, size_t n) diff --git a/src/interfaces/ecpg/pgtypeslib/dt_common.c b/src/interfaces/ecpg/pgtypeslib/dt_common.c index dc5fbe7fd9..52bb5d2ca1 100644 --- a/src/interfaces/ecpg/pgtypeslib/dt_common.c +++ b/src/interfaces/ecpg/pgtypeslib/dt_common.c @@ -1,4 +1,4 @@ -/* $PostgreSQL: pgsql/src/interfaces/ecpg/pgtypeslib/dt_common.c,v 1.52 2010/05/08 16:39:52 tgl Exp $ */ +/* $PostgreSQL: pgsql/src/interfaces/ecpg/pgtypeslib/dt_common.c,v 1.53 2010/05/09 02:15:59 tgl Exp $ */ #include "postgres_fe.h" @@ -856,11 +856,9 @@ EncodeDateTime(struct tm * tm, fsec_t fsec, int *tzp, char **tzn, int style, cha sprintf(str + strlen(str), " BC"); /* - * Note: the uses of %.*s in this function would be unportable - * if the timezone names ever contain non-ASCII characters, - * since some platforms think the string length is measured - * in characters not bytes. However, all TZ abbreviations in - * the Olson database are plain ASCII. + * Note: the uses of %.*s in this function would be risky if the + * timezone names ever contain non-ASCII characters. However, all + * TZ abbreviations in the Olson database are plain ASCII. */ if (tzp != NULL && tm->tm_isdst >= 0) diff --git a/src/interfaces/libpq/fe-misc.c b/src/interfaces/libpq/fe-misc.c index 096e0d84a7..f76168ccd4 100644 --- a/src/interfaces/libpq/fe-misc.c +++ b/src/interfaces/libpq/fe-misc.c @@ -23,7 +23,7 @@ * Portions Copyright (c) 1994, Regents of the University of California * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-misc.c,v 1.142 2010/05/08 16:39:53 tgl Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-misc.c,v 1.143 2010/05/09 02:16:00 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -70,8 +70,8 @@ static int pqSocketPoll(int sock, int forRead, int forWrite, time_t end_time); /* * fputnbytes: print exactly N bytes to a file * - * Think not to use fprintf with a %.*s format for this. Some machines - * believe %s's precision is measured in characters, others in bytes. + * We avoid using %.*s here because it can misbehave if the data + * is not valid in what libc thinks is the prevailing encoding. */ static void fputnbytes(FILE *f, const char *str, size_t n)