On Sun, Feb 26, 2012 at 8:53 AM, Euler Taveira de Oliveira <eu...@timbira.com> wrote: > On 25-02-2012 09:23, Magnus Hagander wrote: >> Do we even *need* the validate_xlog_location() function? If we just >> remove those calls, won't we still catch all the incorrectly formatted >> ones in the errors of the sscanf() calls? Or am I too deep into >> weekend-mode and missing something obvious? >> > sscanf() is too fragile for input sanity check. Try > pg_xlog_location_diff('12/3', '-10/0'), for example. I won't object removing > that function if you protect xlog location input from silly users.
After this patch will have been committed, it would be better to change pg_xlogfile_name() and pg_xlogfile_name_offset() so that they use the validate_xlog_location() function to validate the input. Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers