From 6839aa7a6921d133a51e6162b9ee710ab712293d Mon Sep 17 00:00:00 2001
From: Andres Freund
Date: Wed, 23 Mar 2022 16:38:43 -0700
Subject: [PATCH] waldump: fix use-after-free in search_directory(). After closedir() dirent->d_name is not valid anymore. As there alerady are a few places relying on the limited lifetime of pg_waldump, do so here as well, and just pg_strdup() the string. The bug was introduced in fc49e24fa69a. Found by UBSan, run locally. Backpatch: 11-, like fc49e24fa69 itself.
---
 src/bin/pg_waldump/pg_waldump.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bin/pg_waldump/pg_waldump.c b/src/bin/pg_waldump/pg_waldump.c
index a8cf58e35f5..2daed328e7d 100644
--- a/src/bin/pg_waldump/pg_waldump.c
+++ b/src/bin/pg_waldump/pg_waldump.c
@@ -177,7 +177,7 @@ search_directory(const char *directory, const char *fname)
 if (IsXLogFileName(xlde->d_name))
 {
 fd = open_file_in_directory(directory, xlde->d_name);
- fname = xlde->d_name;
+ fname = pg_strdup(xlde->d_name);
 break;
 }
 }
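Review bot: The `pg_strdup()` copy assigned to `fname` is never freed in the visible lines, and nothing at the assignment says that this is deliberate, so a later reader or a leak checker will see an unexplained allocation. The commit message gives the reason (the name must outlive `closedir()`, and pg_waldump is short-lived), but that rationale belongs next to the code, e.g. `/* d_name is invalid after closedir(); copy it, leaked on purpose since pg_waldump is short-lived */` above the assignment. The rest of search_directory(), including the closedir() call and the later uses of `fname`, lies outside the hunk, so whether freeing on the exit paths is practical cannot be judged from here. It is presumably awkward, because `fname` is also a `const char *` parameter that may point at caller-owned memory.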