author: Tom Lane, 2018-08-15 20:29:32 +0000
committer: Tom Lane, 2018-08-15 20:29:32 +0000
commit: d371efb39c33f79ad5f6741d76bfae54df21eb55
tree: 242fdbc92bd24defdc71ad7e1418a76ea1820c70 /src/backend
parent: ae1011870a039f72efee6bacb02b7408af4714fc
Clean up assorted misuses of snprintf()'s result value.
Fix a small number of places that were testing the result of snprintf() but doing so incorrectly. The right test for buffer overrun, per C99, is "result >= bufsize" not "result > bufsize". Some places were also checking for failure with "result == -1", but the standard only says that a negative value is delivered on failure. (Note that this only makes these places correct if snprintf() delivers C99-compliant results. But at least now these places are consistent with all the other places where we assume that.)

Also, make psql_start_test() and isolation_start_test() check for buffer overrun while constructing their shell commands. There seems like a higher risk of overrun, with more severe consequences, here than there is for the individual file paths that are made elsewhere in the same functions, so this seemed like a worthwhile change.

Also fix guc.c's do_serialize() to initialize errno = 0 before calling vsnprintf. In principle, this should be unnecessary because vsnprintf should have set errno if it returns a failure indication ... but the other two places this coding pattern is cribbed from don't assume that, so let's be consistent.

These errors are all very old, so back-patch as appropriate. I think that only the shell command overrun cases are even theoretically reachable in practice, but there's not much point in erroneous error checks.

Discussion: https://postgr.es/m/17245.1534289329@sss.pgh.pa.us
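The off-by-one described in the commit message, shown as an added example that is not part of this commit or of PostgreSQL. The function names, the enum, the 8-byte buffer and the sample strings are constructed for illustration, and a C99-compliant snprintf() is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example only. */
enum copy_status { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_FAILED = 2 };

static char demo_buf[8];        /* constructed: room for 7 chars + NUL */

/*
 * Old-style check: "ret == -1 || ret > bufsize".
 * snprintf() returns the length the full string would have had, NOT
 * counting the terminating NUL, so ret == bufsize already means the
 * last character was dropped. This check misses exactly that case.
 */
static enum copy_status
copy_checked_old(char *buf, size_t bufsize, const char *src)
{
    int ret = snprintf(buf, bufsize, "%s", src);

    if (ret == -1)
        return COPY_FAILED;
    return ((size_t) ret > bufsize) ? COPY_TRUNCATED : COPY_OK;
}

/* C99-correct check: any negative value is failure, ret >= bufsize is truncation. */
static enum copy_status
copy_checked_c99(char *buf, size_t bufsize, const char *src)
{
    int ret = snprintf(buf, bufsize, "%s", src);

    if (ret < 0)
        return COPY_FAILED;
    return ((size_t) ret >= bufsize) ? COPY_TRUNCATED : COPY_OK;
}

int
main(void)
{
    /* Constructed inputs of length 7, 8 and 9 against the 8-byte buffer. */
    const char *inputs[] = { "[local]", "/tmp/.s1", "/tmp/.s12" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
    {
        int old = copy_checked_old(demo_buf, sizeof demo_buf, inputs[i]);
        int c99 = copy_checked_c99(demo_buf, sizeof demo_buf, inputs[i]);

        printf("len=%zu old=%d c99=%d stored=\"%s\"\n",
               strlen(inputs[i]), old, c99, demo_buf);
    }
    return 0;
}
```

Only the 8-character input separates the two checks: the old test reports success while the buffer holds a silently shortened string.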
Diffstat (limited to 'src/backend')
-rw-r--r-- src/backend/libpq/ip.c 6
-rw-r--r-- src/backend/postmaster/pgstat.c 2
2 files changed, 4 insertions, 4 deletions
diff --git a/src/backend/libpq/ip.c b/src/backend/libpq/ip.c
index 0196c02223b..9b23ede7f62 100644
--- a/src/backend/libpq/ip.c
+++ b/src/backend/libpq/ip.c
@@ -240,7 +240,7 @@ getnameinfo_unix(const struct sockaddr_un * sa, int salen,
char *service, int servicelen,
int flags)
{
- int ret = -1;
+ int ret;
/* Invalid arguments. */
if (sa == NULL || sa->sun_family != AF_UNIX ||
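Review bot: With the initializer dropped from `int ret;`, correctness now depends on every read of ret following an snprintf() assignment. That holds for the two uses visible in this patch, but the rest of the function is not shown here, so confirm that no later path reads ret unassigned. Declaring ret inside each `if` block would make the scope explicit and let the compiler flag any stray use.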
@@ -250,14 +250,14 @@ getnameinfo_unix(const struct sockaddr_un * sa, int salen,
if (node)
{
ret = snprintf(node, nodelen, "%s", "[local]");
- if (ret == -1 || ret > nodelen)
+ if (ret < 0 || ret >= nodelen)
return EAI_MEMORY;
}
if (service)
{
ret = snprintf(service, servicelen, "%s", sa->sun_path);
- if (ret == -1 || ret > servicelen)
+ if (ret < 0 || ret >= servicelen)
return EAI_MEMORY;
}
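Review bot: Missing documentation at the `ret >= nodelen` and `ret >= servicelen` checks: nothing in the code says why `>=` is the right bound, which is how the `>` form went unnoticed. A one-line comment that snprintf()'s result excludes the terminating NUL, so a result equal to the buffer length already means truncation, would guard against a regression. Note also that by the time EAI_MEMORY is returned a truncated string has already been written to node or service, so callers should not use those buffers on error.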
diff --git a/src/backend/postmaster/pgstat.c b/src/backend/postmaster/pgstat.c
index 236ebadddda..9a9c51648bb 100644
--- a/src/backend/postmaster/pgstat.c
+++ b/src/backend/postmaster/pgstat.c
@@ -3768,7 +3768,7 @@ get_dbstat_filename(bool permanent, bool tempname, Oid databaseid,
pgstat_stat_directory,
databaseid,
tempname ? "tmp" : "stat");
- if (printed > len)
+ if (printed >= len)
elog(ERROR, "overlength pgstat path");
}
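Review bot: The check `if (printed >= len)` still has no test for a negative result, unlike the ip.c checks in this same commit, which use `ret < 0 || ret >= nodelen`. The declarations of printed and len are not visible in this hunk, so unless their types make a negative value compare as large, suggest `if (printed < 0 || printed >= len)` to match the commit message's point that failure is reported as a negative value.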