From d452bfd1b03a10498101d01a4337654c00bc26e6 Mon Sep 17 00:00:00 2001 From: Robert Haas Date: Thu, 15 Jan 2015 09:26:03 -0500 Subject: [PATCH] pg_standby: Avoid writing one byte beyond the end of the buffer. Previously, read() might have returned a length equal to the buffer length, and then the subsequent store to buf[len] would write a zero-byte one byte past the end. This doesn't seem likely to be a security issue, but there's some chance it could result in pg_standby misbehaving. Spotted by Coverity; patch by Michael Paquier, reviewed by me. --- contrib/pg_standby/pg_standby.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/pg_standby/pg_standby.c b/contrib/pg_standby/pg_standby.c index bdb3362b4b6..ebd7f34b09c 100644 --- a/contrib/pg_standby/pg_standby.c +++ b/contrib/pg_standby/pg_standby.c @@ -435,7 +435,7 @@ CheckForExternalTrigger(void) return; } - if ((len = read(fd, buf, sizeof(buf))) < 0) + if ((len = read(fd, buf, sizeof(buf) - 1)) < 0) { fprintf(stderr, "WARNING: could not read \"%s\": %s\n", triggerPath, strerror(errno));