On Tue, Dec 6, 2011 at 17:07, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Magnus Hagander <mag...@hagander.net> writes:
>> There is some nice precedent in the CREATE TABLESPACE command (though
>> dependent on HAVE_SYMLINK and not HAVE_READLINK), so I'm just going to
>> copy the error message from there.
>
> Fair enough.
>
> Looking at the existing readlink use in port/exec.c, it strikes me that
> another thing you'd better do is include a check for buffer overrun,
> ie the test needs to be more like
>
>         rllen = readlink(fname, link_buf, sizeof(link_buf));
>         if (rllen < 0 || rllen >= sizeof(link_buf))
>                 ... fail ...

Seems reasonable, yeah. I'll go put a similar check in the basebackup.c
file as well when I'm done here.

> Also, you're assuming that the result is already null-terminated,
> which is incorrect.

No, I'm not - I'm MemSet()ing the whole buffer to 0 before I start. But
I'll change that to work the same way as the one in port/exec.c, for
consistency.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
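The overrun check Tom describes, carried through as an added example (this is not PostgreSQL code or anything posted in the thread): `safe_readlink` applies the `rllen < 0 || rllen >= sizeof(buf)` test and adds the NUL that readlink(2) never writes, and `demo_readlink` is a hypothetical helper that round-trips a constructed symlink through buffers that do and do not fit. It assumes a POSIX system with a writable /tmp.

```c
#define _POSIX_C_SOURCE 200809L   /* for readlink, symlink, mkdtemp */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Read a symlink target into buf, rejecting both errors and truncation.
 * readlink(2) neither NUL-terminates nor reports truncation: a return
 * value equal to bufsize may be a link that exactly fit or one that was
 * cut off, so rllen >= bufsize must be treated as failure (the test
 * quoted above). Returns the target length, or -1 on failure.
 */
ssize_t safe_readlink(const char *path, char *buf, size_t bufsize)
{
    ssize_t rllen = readlink(path, buf, bufsize);

    if (rllen < 0 || (size_t) rllen >= bufsize)
        return -1;                 /* error, or output may be truncated */
    buf[rllen] = '\0';             /* readlink never does this for us */
    return rllen;
}

/*
 * Demo helper (hypothetical): create a symlink to `target` in a fresh
 * temp dir, read it back through a `bufsize`-byte window and return the
 * safe_readlink result, so the fits and too-small cases are visible.
 */
ssize_t demo_readlink(const char *target, size_t bufsize)
{
    char dir[] = "/tmp/rl_demo_XXXXXX";     /* constructed scratch dir */
    char linkpath[64], buf[256];
    ssize_t rc = -1;

    if (bufsize > sizeof(buf) || mkdtemp(dir) == NULL)
        return -1;
    snprintf(linkpath, sizeof(linkpath), "%s/link", dir);
    if (symlink(target, linkpath) == 0)
    {
        rc = safe_readlink(linkpath, buf, bufsize);
        if (rc >= 0 && strcmp(buf, target) != 0)
            rc = -1;               /* round trip must match exactly */
        unlink(linkpath);
    }
    rmdir(dir);
    return rc;
}
```

A 19-byte target read through a 19-byte buffer is refused even though readlink itself returned "successfully"; with 20 bytes it fits and comes back NUL-terminated.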