Use snprintf not sprintf in pg_waldump's timestamptz_to_str.

This could only cause an issue if strftime returned a ridiculously long timezone name, which seems unlikely; and it wouldn't qualify as a security problem even then, since pg_waldump (nee pg_xlogdump) is a debug tool not part of the server. But gcc 8 has started issuing warnings about it, so let's use snprintf and be safe.

Backpatch to 9.3 where this code was added.

Discussion: https://postgr.es/m/[email protected]

Branch
------
REL9_4_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/fd079dd0915a2005da2fbfd75fda1cc3611f3a2f

Modified Files
--------------
contrib/pg_xlogdump/compat.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
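
The bounded-formatting pattern the commit message describes, as an added example that is not PostgreSQL's code: a timestamp and a zone name are written into a fixed buffer with snprintf, and the return value is checked so an overlong zone name is reported instead of overrunning the buffer. The names format_ts and OUTLEN, the use of UTC, and passing the zone name as a parameter are assumptions made so the long-name case can be exercised.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define OUTLEN 64   /* hypothetical size standing in for the tool's fixed buffer */

/*
 * Format "YYYY-MM-DD HH:MM:SS.uuuuuu ZONE" into out[outlen].
 * Returns 0 on success, -1 if the result was truncated or an input
 * could not be formatted. out is always NUL-terminated when outlen > 0.
 */
int
format_ts(char *out, size_t outlen, time_t secs, int usec, const char *zone)
{
    char        ts[32];
    struct tm  *tm = gmtime(&secs);   /* UTC keeps the sample output stable */
    int         n;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    if (tm == NULL || strftime(ts, sizeof(ts), "%Y-%m-%d %H:%M:%S", tm) == 0)
        return -1;

    /* snprintf writes at most outlen bytes including the NUL and returns
     * the length the complete string would have needed. */
    n = snprintf(out, outlen, "%s.%06d %s", ts, usec, zone);
    if (n < 0 || (size_t) n >= outlen)
        return -1;
    return 0;
}

int
main(void)
{
    char        buf[OUTLEN];
    char        longzone[200];   /* constructed: an implausibly long zone name */
    int         rc;

    rc = format_ts(buf, sizeof(buf), (time_t) 0, 123456, "UTC");
    printf("%d \"%s\"\n", rc, buf);

    memset(longzone, 'Z', sizeof(longzone) - 1);
    longzone[sizeof(longzone) - 1] = '\0';
    rc = format_ts(buf, sizeof(buf), (time_t) 0, 123456, longzone);
    printf("%d \"%s\" (len %zu)\n", rc, buf, strlen(buf));
    return 0;
}
```

With sprintf in place of snprintf, the second call would write all 200 zone bytes past the end of the 64-byte buffer.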
