Use snprintf not sprintf in pg_waldump's timestamptz_to_str. This could only cause an issue if strftime returned a ridiculously long timezone name, which seems unlikely; and it wouldn't qualify as a security problem even then, since pg_waldump (nee pg_xlogdump) is a debug tool not part of the server. But gcc 8 has started issuing warnings about it, so let's use snprintf and be safe.
Backpatch to 9.3 where this code was added. Discussion: https://postgr.es/m/[email protected] Branch ------ REL9_3_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/3243cbc085b8cd54cf12c323da3b5c8298ed5d69 Modified Files -------------- contrib/pg_xlogdump/compat.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
