Re: lower() and unaccent() not leakproof

2021-08-26 Thread Tom Lane
Peter Eisentraut writes: > I think the complexity of the implementation of upper() and lower() is > on the same order as bttextcmp() and similar, so it wouldn't be totally > out of scope. True. But you'll recall that the decision to mark bttextcmp() and cohorts as leakproof was not made withou

Re: lower() and unaccent() not leakproof

2021-08-26 Thread Daniel Gustafsson
> On 26 Aug 2021, at 16:59, Peter Eisentraut > wrote: > On 26.08.21 10:40, Daniel Gustafsson wrote: >> Wouldn’t the difference in possible error messages in upper/lower be able to >> leak whether the input is ascii or wide chars, and/or the collation? > > Yeah, but there aren't any error messag

Re: lower() and unaccent() not leakproof

2021-08-26 Thread Peter Eisentraut
On 26.08.21 16:00, Tom Lane wrote: Generally speaking, we've been resistant to marking anything leakproof unless it has a very small code footprint that can be easily audited. In particular, anything that shares a lot of infrastructure with not-leakproof functions seems quite hazardous. Even if

Re: lower() and unaccent() not leakproof

2021-08-26 Thread Peter Eisentraut
On 26.08.21 10:40, Daniel Gustafsson wrote: On 26 Aug 2021, at 09:58, Peter Eisentraut wrote: On 26.08.21 06:52, David G. Johnston wrote: On Wednesday, August 25, 2021, Christophe Pettus mailto:x...@thebuild.com>> wrote: lower() and unaccent() (and most string functions) are not marked as

Re: lower() and unaccent() not leakproof

2021-08-26 Thread Tom Lane
Peter Eisentraut writes: > On 26.08.21 06:52, David G. Johnston wrote: >> On Wednesday, August 25, 2021, Christophe Pettus > > wrote: >>> lower() and unaccent() (and most string functions) are not marked as >>> leakproof.  Is this due to possible locale / character encodi

Re: lower() and unaccent() not leakproof

2021-08-26 Thread Daniel Gustafsson
> On 26 Aug 2021, at 09:58, Peter Eisentraut > wrote: > > On 26.08.21 06:52, David G. Johnston wrote: >> On Wednesday, August 25, 2021, Christophe Pettus > > wrote: >>lower() and unaccent() (and most string functions) are not marked as >>leakproof. Is this due

Re: lower() and unaccent() not leakproof

2021-08-26 Thread Peter Eisentraut
On 26.08.21 06:52, David G. Johnston wrote: On Wednesday, August 25, 2021, Christophe Pettus > wrote: lower() and unaccent() (and most string functions) are not marked as leakproof.  Is this due to possible locale / character encoding errors they might encou

Re: lower() and unaccent() not leakproof

2021-08-25 Thread David G. Johnston
On Wednesday, August 25, 2021, Christophe Pettus wrote: > > lower() and unaccent() (and most string functions) are not marked as > leakproof. Is this due to possible locale / character encoding errors they > might encounter? > > I think you are partially correct. Its due to the fact that error m