summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 817f9f9)
raw | patch | inline | side by side (parent: 817f9f9)
| author | Tom Lane <tgl@sss.pgh.pa.us> | |
| Sat, 16 Jun 2018 18:45:47 +0000 (14:45 -0400) | ||
| committer | Tom Lane <tgl@sss.pgh.pa.us> | |
| Sat, 16 Jun 2018 18:45:47 +0000 (14:45 -0400) |
This could only cause an issue if strftime returned a ridiculously
long timezone name, which seems unlikely; and it wouldn't qualify
as a security problem even then, since pg_waldump (nee pg_xlogdump)
is a debug tool not part of the server. But gcc 8 has started issuing
warnings about it, so let's use snprintf and be safe.
Backpatch to 9.3 where this code was added.
Discussion: https://postgr.es/m/21789.1529170195@sss.pgh.pa.us
long timezone name, which seems unlikely; and it wouldn't qualify
as a security problem even then, since pg_waldump (nee pg_xlogdump)
is a debug tool not part of the server. But gcc 8 has started issuing
warnings about it, so let's use snprintf and be safe.
Backpatch to 9.3 where this code was added.
Discussion: https://postgr.es/m/21789.1529170195@sss.pgh.pa.us
| contrib/pg_xlogdump/compat.c | patch | blob | blame | history |
index 6ca7012fd906bc80b4d2e1da7dc2537b8acefd83..fe30f541e3abd5a96a50ba9936320cee16f10cec 100644 (file)
strftime(zone, sizeof(zone), "%Z", ltime);
#ifdef HAVE_INT64_TIMESTAMP
- sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
+ snprintf(buf, sizeof(buf),
+ "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
#else
- sprintf(buf, "%s.%.6f %s", ts, fabs(dt - floor(dt)), zone);
+ snprintf(buf, sizeof(buf),
+ "%s.%.6f %s", ts, fabs(dt - floor(dt)), zone);
#endif
return buf;