| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Unbounded %s in sscanf |
| Date: | 2021-06-28 14:02:46 |
| Message-ID: | 152448.1624888966@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
> I happened to spot the below call in src/bin/pg_basebackup/streamutil.c which
> has an unbounded %s in the format.
> /* fetch xlog value and unit from the result */
> if (sscanf(PQgetvalue(res, 0, 0), "%d%s", &xlog_val, xlog_unit) != 2)
> There is no risk of overflow as the unit is defined to be at most 2 characters,
> but that's not explained (like how a similar %s is handled in pg_dump).
Ugh. Shouldn't we instead modify the format to read not more than
two characters? Even if this is safe on non-malicious input, it
doesn't seem like good style.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gilles Darold | 2021-06-28 14:06:54 | Re: Deparsing rewritten query |
| Previous Message | Tom Lane | 2021-06-28 13:54:16 | Re: Preventing abort() and exit() calls in libpq |