On Mon, 2021-07-12 at 13:20 -0400, Tom Lane wrote:
> > However, that root issue is converted from a relatively minor bug into
> > a server crash because snprintf.c treats a NULL pointer passed to %s
> > as a crash-worthy error.  I have advocated for that behavior in the
> > past, but I'm starting to wonder if it wouldn't be wiser to change
> > over to the glibc-ish behavior of printing "(null)" or the like.
> 
> So my feeling about this is that switching snprintf.c's behavior
> would produce some net gain in robustness for v12 and up, while
> not making things any worse for the older branches.  I still hold
> to the opinion that we've already flushed out all the cases of
> passing NULL that we're likely to find via ordinary testing.

New cases could be introduced in the future and might remain undetected.

What about adding an Assert that gags on NULLs, but still printing them
as "(null)"?  That would help find such problems in a debug build.

Yours,
Laurenz Albe
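
The suggestion above, sketched as an added example (this is not PostgreSQL's snprintf.c and not code from this thread): a toy formatter whose %s path trips an assertion on NULL in a debug build and prints "(null)" otherwise. The names `mini_snprintf`, `put`, `DEBUG_ASSERT` and the `DEBUG_NULL_CHECK` build flag are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical debug-only check, enabled with -DDEBUG_NULL_CHECK. */
#ifdef DEBUG_NULL_CHECK
#define DEBUG_ASSERT(c) do { if (!(c)) { fputs("assert: " #c "\n", stderr); abort(); } } while (0)
#else
#define DEBUG_ASSERT(c) ((void) 0)
#endif

/* Copy n bytes to logical offset pos, never writing past cap - 1. */
static size_t put(char *buf, size_t cap, size_t pos, const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (pos + i + 1 < cap)
            buf[pos + i] = s[i];
    return pos + n;
}

/* Toy formatter (%s, %d, %% only); returns the untruncated length. */
int mini_snprintf(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    size_t pos = 0;
    char num[32];
    va_start(ap, fmt);
    for (; *fmt; fmt++) {
        if (*fmt != '%' || *++fmt == '%') {
            pos = put(buf, cap, pos, fmt, 1);       /* literal character */
        } else if (*fmt == 's') {
            const char *s = va_arg(ap, const char *);
            DEBUG_ASSERT(s != NULL);                /* debug build: fail loudly */
            if (s == NULL)
                s = "(null)";                       /* production: degrade gracefully */
            pos = put(buf, cap, pos, s, strlen(s));
        } else if (*fmt == 'd') {
            int n = snprintf(num, sizeof num, "%d", va_arg(ap, int));
            pos = put(buf, cap, pos, num, (size_t) n);
        } else {
            break;                                  /* unsupported or truncated spec */
        }
    }
    va_end(ap);
    if (cap > 0)
        buf[pos < cap ? pos : cap - 1] = '\0';
    return (int) pos;
}
```

Built without the flag, a NULL argument yields "(null)" in the output; built with `-DDEBUG_NULL_CHECK`, the same call aborts at the check so the caller's bug is caught in testing.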


