database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-02 09:02:37 +03:00
Code Activity

Clean up assorted misuses of snprintf()'s result value.

Browse Source 
Fix a small number of places that were testing the result of snprintf()
but doing so incorrectly.  The right test for buffer overrun, per C99,
is "result >= bufsize" not "result > bufsize".  Some places were also
checking for failure with "result == -1", but the standard only says
that a negative value is delivered on failure.

(Note that this only makes these places correct if snprintf() delivers
C99-compliant results.  But at least now these places are consistent
with all the other places where we assume that.)

Also, make psql_start_test() and isolation_start_test() check for
buffer overrun while constructing their shell commands.  There seems
like a higher risk of overrun, with more severe consequences, here
than there is for the individual file paths that are made elsewhere
in the same functions, so this seemed like a worthwhile change.

Also fix guc.c's do_serialize() to initialize errno = 0 before
calling vsnprintf.  In principle, this should be unnecessary because
vsnprintf should have set errno if it returns a failure indication ...
but the other two places this coding pattern is cribbed from don't
assume that, so let's be consistent.

These errors are all very old, so back-patch as appropriate.  I think
that only the shell command overrun cases are even theoretically
reachable in practice, but there's not much point in erroneous error
checks.

Discussion: https://postgr.es/m/17245.1534289329@sss.pgh.pa.us
This commit is contained in:
Tom Lane
2018-08-15 16:29:31 -04:00
parent 805889d7d2
commit cc4f6b7786
8 changed files with 47 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/common/ip.c
View File

@ -233,7 +233,7 @@ getnameinfo_unix(const struct sockaddr_un *sa, int salen,
char *service, int servicelen,
int flags)
{
int ret = -1;
int ret;
/* Invalid arguments. */
if (sa == NULL || sa->sun_family != AF_UNIX ||
@ -243,14 +243,14 @@ getnameinfo_unix(const struct sockaddr_un *sa, int salen,
if (node)
{
ret = snprintf(node, nodelen, "%s", "[local]");
if (ret == -1 || ret > nodelen)
if (ret < 0 || ret >= nodelen)
return EAI_MEMORY;
}
if (service)
{
ret = snprintf(service, servicelen, "%s", sa->sun_path);
if (ret == -1 || ret > servicelen)
if (ret < 0 || ret >= servicelen)
return EAI_MEMORY;
}