On Sun, Apr 12, 2026 at 11:15 AM Tom Lane <[email protected]> wrote: > Coverity doesn't like this patch's uses of strncpy(): > > >>> CID 1691464: (BUFFER_SIZE) > >>> Calling "strncpy" with a maximum size argument of 64 bytes on > >>> destination array "remattrmap[attrcnt].local_attname" of size 64 bytes > >>> might leave the destination string unterminated. > 5960 strncpy(remattrmap[attrcnt].local_attname, attname, > NAMEDATALEN); > 5961 strncpy(remattrmap[attrcnt].remote_attname, > remote_attname, NAMEDATALEN); > > I think it's dead right to complain: remote_attname, in particular, > could certainly be longer than NAMEDATALEN. > > AFAICS, postgres_fdw's subsequent uses of those strings only need > them to be nul-terminated C strings, so strncpy's property of > zero-filling the whole buffer is not needed here. I recommend > s/strncpy/strlcpy/.
Seems like a good idea. > It's probably also appropriate to think about using pg_mbcliplen() > to ensure that this code doesn't result in a broken multibyte > character. Will do. I am currently overseas and will be attending an event this week, so I will work on this after returning home. In the meantime, I created an entry for it in the open items list. Thanks! Best regards, Etsuro Fujita
