From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
Cc: | David Steele <david(at)pgmasters(dot)net>, Cary Huang <cary(dot)huang(at)highgo(dot)ca>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: pg_rewind copies |
Date: | 2022-04-04 13:08:12 |
Message-ID: | 97e6edb1-0f9a-685a-c860-0d886d8f94ba@enterprisedb.com |
Lists: | pgsql-hackers |

On 01.04.22 11:00, Daniel Gustafsson wrote:
> One small comment on the patch:
>
> + snprintf(srcpath, sizeof(srcpath), "%s/%s", datadir, path);
>
> This should IMO check the return value of snprintf to ensure it wasn't
> truncated. While the risk is exceedingly small, a truncated filename might
> match another existing filename and the error not getting caught. There is
> another instance just like this one in open_target_file() to which I think we
> should apply the same belts-and-suspenders treatment. I've fixed this in the
> attached version which also has had a pg_indent run on top of a fresh rebase.

We use snprintf() like that countless times, and approximately none of
them check for overflow. So while you are right, this might not be the
place to start a new policy.

If you don't like this approach, use psprintf() perhaps.
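
The truncation case discussed in this message, as an added example (not code from the patch, from either participant, or from PostgreSQL): an unchecked snprintf() silently turns a too-long path into a different, valid-looking one, while comparing the return value against the buffer size catches it. The helper names, the 16-byte buffer and the file names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper: build "datadir/path" in dst and report truncation.
 * Returns 0 on success, -1 if snprintf failed or the result did not fit.
 */
static int
join_path_checked(char *dst, size_t dstsize, const char *datadir, const char *path)
{
	int		len = snprintf(dst, dstsize, "%s/%s", datadir, path);

	/* snprintf returns the untruncated length, excluding the NUL */
	if (len < 0 || (size_t) len >= dstsize)
		return -1;
	return 0;
}

/*
 * Unchecked form, same call shape as the quoted line: return value ignored.
 * Returns 1 if a too-long name silently becomes equal to a different,
 * shorter name that fits the buffer.
 */
static int
truncation_collides(void)
{
	char	longname[16];	/* deliberately tiny buffer (constructed) */
	char	shortname[16];

	snprintf(longname, sizeof(longname), "%s/%s", "data", "base/1/12345_fsm");
	snprintf(shortname, sizeof(shortname), "%s/%s", "data", "base/1/123");
	return strcmp(longname, shortname) == 0;
}

int
main(void)
{
	char	buf[16];

	printf("unchecked collision: %d\n", truncation_collides());
	printf("checked, fits: %d\n",
		   join_path_checked(buf, sizeof(buf), "data", "base/1/123"));
	printf("checked, too long: %d\n",
		   join_path_checked(buf, sizeof(buf), "data", "base/1/12345_fsm"));
	return 0;
}
```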