Hi hackers,

Attached is a patch that converts several sprintf() calls to snprintf() in libpq client library code. While the existing buffers are currently sized correctly, using snprintf() provides an additional safety net against potential buffer overflows and is consistent with the project's general direction of preferring bounded string operations.

Changes:
- fe-auth.c: SSPI target string construction
- fe-connect.c: client encoding query formatting
- fe-exec.c: notice message formatting
- fe-print.c: format string construction
- win32.c: Windows socket error messages

The patch applies cleanly against current HEAD (dd5716f3c74) and passes git diff --check with no whitespace issues. No functional changes are introduced (this is a safety hardening change only).

Best regards,
Thiago Caserta
v1-0001-Replace-sprintf-with-snprintf-in-libpq-for-safety.patch
