| author | Tom Lane | 2018-08-15 20:29:31 +0000 |
|---|---|---|
| committer | Tom Lane | 2018-08-15 20:29:31 +0000 |
| commit | cc4f6b77861803be99dfc17a38052035a0af5ae6 (patch) | |
| tree | 7f4491e1766567a652ec769b97a9213786227f4d /src/test | |
| parent | 805889d7d23fbecf5925443deb334aaeb6beaeb0 (diff) | |
Clean up assorted misuses of snprintf()'s result value.
Fix a small number of places that were testing the result of snprintf()
but doing so incorrectly. The right test for buffer overrun, per C99,
is "result >= bufsize" not "result > bufsize". Some places were also
checking for failure with "result == -1", but the standard only says
that a negative value is delivered on failure.
(Note that this only makes these places correct if snprintf() delivers
C99-compliant results. But at least now these places are consistent
with all the other places where we assume that.)
Also, make psql_start_test() and isolation_start_test() check for
buffer overrun while constructing their shell commands. There seems
like a higher risk of overrun, with more severe consequences, here
than there is for the individual file paths that are made elsewhere
in the same functions, so this seemed like a worthwhile change.
Also fix guc.c's do_serialize() to initialize errno = 0 before
calling vsnprintf. In principle, this should be unnecessary because
vsnprintf should have set errno if it returns a failure indication ...
but the other two places this coding pattern is cribbed from don't
assume that, so let's be consistent.
These errors are all very old, so back-patch as appropriate. I think
that only the shell command overrun cases are even theoretically
reachable in practice, but there's not much point in erroneous error
checks.
Discussion: https://postgr.es/m/17245.1534289329@sss.pgh.pa.us
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/isolation/isolation_main.c | 24 | ||||
| -rw-r--r-- | src/test/regress/pg_regress.c | 2 | ||||
| -rw-r--r-- | src/test/regress/pg_regress_main.c | 28 |
3 files changed, 39 insertions, 15 deletions
diff --git a/src/test/isolation/isolation_main.c b/src/test/isolation/isolation_main.c index 58402b74d80..d3ada6d2bcf 100644 --- a/src/test/isolation/isolation_main.c +++ b/src/test/isolation/isolation_main.c @@ -75,15 +75,27 @@ isolation_start_test(const char *testname, add_stringlist_item(expectfiles, expectfile); if (launcher) + { offset += snprintf(psql_cmd + offset, sizeof(psql_cmd) - offset, "%s ", launcher); + if (offset >= sizeof(psql_cmd)) + { + fprintf(stderr, _("command too long\n")); + exit(2); + } + } - snprintf(psql_cmd + offset, sizeof(psql_cmd) - offset, - "\"%s\" \"dbname=%s\" < \"%s\" > \"%s\" 2>&1", - isolation_exec, - dblist->str, - infile, - outfile); + offset += snprintf(psql_cmd + offset, sizeof(psql_cmd) - offset, + "\"%s\" \"dbname=%s\" < \"%s\" > \"%s\" 2>&1", + isolation_exec, + dblist->str, + infile, + outfile); + if (offset >= sizeof(psql_cmd)) + { + fprintf(stderr, _("command too long\n")); + exit(2); + } pid = spawn_process(psql_cmd); diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c index 2ff2acc641b..6890678fa81 100644 --- a/src/test/regress/pg_regress.c +++ b/src/test/regress/pg_regress.c @@ -1024,7 +1024,7 @@ config_sspi_auth(const char *pgdata) } while (0) res = snprintf(fname, sizeof(fname), "%s/pg_hba.conf", pgdata); - if (res < 0 || res >= sizeof(fname) - 1) + if (res < 0 || res >= sizeof(fname)) { /* * Truncating this name is a fatal error, because we must not fail to diff --git a/src/test/regress/pg_regress_main.c b/src/test/regress/pg_regress_main.c index a2bd6a2cd57..bd613e4fda1 100644 --- a/src/test/regress/pg_regress_main.c +++ b/src/test/regress/pg_regress_main.c 
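Review bot: In isolation_start_test, a failing snprintf() slips past the added `offset >= sizeof(psql_cmd)` test once offset is non-zero. The negative return is added straight into offset, so after a launcher prefix has been written it only steps offset back by one (assuming offset is an ordinary integer such as size_t or int; its declaration is outside the hunk). The check then passes and spawn_process() is handed a buffer that may not hold the complete command. Keep the result separate and test it before accumulating: `rc = snprintf(psql_cmd + offset, sizeof(psql_cmd) - offset, ...);`, then `if (rc < 0 || (size_t) rc >= sizeof(psql_cmd) - offset)` with the existing error exit, then `offset += rc;`. The same pattern appears in psql_start_test in src/test/regress/pg_regress_main.c; both function bodies start and end outside their hunks.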
@@ -63,20 +63,32 @@ psql_start_test(const char *testname, add_stringlist_item(expectfiles, expectfile); if (launcher) + { offset += snprintf(psql_cmd + offset, sizeof(psql_cmd) - offset, "%s ", launcher); + if (offset >= sizeof(psql_cmd)) + { + fprintf(stderr, _("command too long\n")); + exit(2); + } + } + + offset += snprintf(psql_cmd + offset, sizeof(psql_cmd) - offset, + "\"%s%spsql\" -X -a -q -d \"%s\" < \"%s\" > \"%s\" 2>&1", + bindir ? bindir : "", + bindir ? "/" : "", + dblist->str, + infile, + outfile); + if (offset >= sizeof(psql_cmd)) + { + fprintf(stderr, _("command too long\n")); + exit(2); + } appnameenv = psprintf("PGAPPNAME=pg_regress/%s", testname); putenv(appnameenv); - snprintf(psql_cmd + offset, sizeof(psql_cmd) - offset, - "\"%s%spsql\" -X -a -q -d \"%s\" < \"%s\" > \"%s\" 2>&1", - bindir ? bindir : "", - bindir ? "/" : "", - dblist->str, - infile, - outfile); - pid = spawn_process(psql_cmd); if (pid == INVALID_PID) |
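Review bot: The format string in psql_start_test wraps bindir, dblist->str, infile and outfile in double quotes, but nothing in the hunk escapes those values. The new length check therefore guards against truncation only, not against a value containing a double quote, `$` or a backquote that would change how the shell parses the command. Where these values originate is not visible in the hunk; if they are always supplied by the harness itself, say so above the snprintf, for example `/* bindir, dbname and file paths are trusted harness input; they are not shell-escaped here */`. The same applies to the command built in isolation_start_test. The function body starts and ends outside the hunk.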
