| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Unbounded %s in sscanf |
| Date: | 2021-06-28 13:06:37 |
| Message-ID: | B14D3D7B-F98C-4E20-9459-C122C67647FB@yesql.se |
| Lists: | pgsql-hackers |

I happened to spot the below call in src/bin/pg_basebackup/streamutil.c which
has an unbounded %s in the format.

    /* fetch xlog value and unit from the result */
    if (sscanf(PQgetvalue(res, 0, 0), "%d%s", &xlog_val, xlog_unit) != 2)

There is no risk of overflow as the unit is defined to be at most 2 characters,
but that's not explained (like how a similar %s is handled in pg_dump). The
attached adds a small explanation in the comment to save readers time from
following the bouncing ball to make sure.

--
Daniel Gustafsson https://vmware.com/

| Attachment | Content-Type | Size |
|---|---|---|
| pg_basebackup_sscanf.diff | application/octet-stream | 584 bytes |
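
For comparison with the call quoted in the message above, here is a bounded form of the same `"%d%s"` parse, as an added example that is not part of the original post, the attached patch, or PostgreSQL. The helper name `parse_size_setting`, the macro `UNIT_MAX` and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not PostgreSQL code: split a setting such as "16MB"
 * into an integer value and a unit of at most UNIT_MAX characters. */
#define UNIT_MAX 2   /* must match the field width in the format below */

/* Returns 0 on success, -1 if the input is malformed or the unit is too long. */
static int
parse_size_setting(const char *input, int *val, char unit[UNIT_MAX + 1])
{
    int consumed = 0;

    /* "%2s" stores at most 2 characters plus the terminating NUL, so the
     * 3-byte buffer cannot overflow whatever the input contains.  "%n"
     * records how many input bytes were consumed; it is not counted in
     * the return value of sscanf. */
    if (sscanf(input, "%d%2s%n", val, unit, &consumed) != 2)
        return -1;

    /* Leftover input means the unit was longer than the format allows:
     * reject it instead of silently truncating. */
    if (input[consumed] != '\0')
        return -1;

    return 0;
}

int
main(void)
{
    /* Constructed sample inputs, not captured server output. */
    const char *samples[] = { "16MB", "1GB", "16MBXXXXXXXX", "16", "MB" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    {
        int  val = 0;
        char unit[UNIT_MAX + 1] = "";
        int  rc = parse_size_setting(samples[i], &val, unit);

        printf("%-14s -> rc=%d val=%d unit=\"%s\"\n",
               samples[i], rc, val, rc == 0 ? unit : "");
    }
    return 0;
}
```

With the width in the format, the bound is visible at the call site and no longer depends on what the sender is defined to return.
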