Seg fault join with postgres table

[mko]

Ticket #2006 did set some quotes to the database select string for postgres joins. See r9049 and r9050. However, now there are 2 bytes length missing when calling malloc.

SELECT  FROM  WHERE  = ''

is 25 bytes + \0.

[mko]

changing malloc to respect quotes from #2006

[tbonfort]

fixed in trunk (r12760), 56 (r12762) and 60 (r12761) branches.

[rouault]

I'm very far from being a huge advocate of C++ and tend to make very limited use of its capability in other projects (GDAL...), but such a bug would strongly militate to use std::string facility concerning automatic memory allocation... Counting the number of bytes is just not maintenable.

Is there a policy in mapserver to only use C ?

[tbonfort]

Even,

There is no policy strictly against using c++, but historically we will stick to C when possible. I don't see that changing in the short term although I personally have nothing against switching.

I agree that the current issue is a problem that can bite elsewhere in the code. Rather than using std::string which would be too disruptive, I would advocate using #defines and strlen in these cases, as unless I am mistaken in that case the strlen call is optimized out by the compiler.

#define my_sql_string "select from \"%s\" where \"%s\"='%s';"

char *final_sql = malloc(strlen(my_sql_string)+ ... );
}