Re: Unbounded %s in sscanf

2021-10-15 Thread Tom Lane
Daniel Gustafsson writes:
> I propose to apply the attached all the way down (with the basebackup hunk
> from
> 11), or down to 10 if we want to be conservative with the final 9.6 re ancient
> bugs that haven't seen complaints.

LGTM. No objection to applying this in 9.6.

Re: Unbounded %s in sscanf

2021-10-15 Thread Daniel Gustafsson
> On 30 Jul 2021, at 18:03, Tom Lane wrote:
>
> Daniel Gustafsson writes:
>> I took another look at this today, and propose to push the attached. The
>> pg_dump fix goes all the way back to 9.6 whereas the pg_basebackup fix is
>> from
>> 11 and onwards. The adjacent shadowed variable bug in

Re: Unbounded %s in sscanf

2021-07-30 Thread Tom Lane
Daniel Gustafsson writes:
> I took another look at this today, and propose to push the attached. The
> pg_dump fix goes all the way back to 9.6 whereas the pg_basebackup fix is from
> 11 and onwards. The adjacent shadowed variable bug in pg_dump is also present
> since 9.6.
> Thoughts?

Re: Unbounded %s in sscanf

2021-07-30 Thread Daniel Gustafsson
I took another look at this today, and propose to push the attached. The pg_dump fix goes all the way back to 9.6 whereas the pg_basebackup fix is from 11 and onwards. The adjacent shadowed variable bug in pg_dump is also present since 9.6. Thoughts?

--
Daniel Gustafsson

Re: Unbounded %s in sscanf

2021-07-03 Thread Daniel Gustafsson
> On 28 Jun 2021, at 16:45, Daniel Gustafsson wrote:
>
>> On 28 Jun 2021, at 16:02, Tom Lane wrote:
>
>> Ugh. Shouldn't we instead modify the format to read not more than
>> two characters? Even if this is safe on non-malicious input, it
>> doesn't seem like good style.
>
> No disagreement,

Re: Unbounded %s in sscanf

2021-06-28 Thread Alvaro Herrera
On 2021-Jun-28, Daniel Gustafsson wrote:
> I happened to spot the below call in src/bin/pg_basebackup/streamutil.c which
> has an unbounded %s in the format.
>
> /* fetch xlog value and unit from the result */
> if (sscanf(PQgetvalue(res, 0, 0), "%d%s", _val, xlog_unit) != 2)
>
> There

Re: Unbounded %s in sscanf

2021-06-28 Thread Daniel Gustafsson
> On 28 Jun 2021, at 16:02, Tom Lane wrote:
> Ugh. Shouldn't we instead modify the format to read not more than
> two characters? Even if this is safe on non-malicious input, it
> doesn't seem like good style.

No disagreement, I was only basing it on what is in the tree. I would propose that

Re: Unbounded %s in sscanf

2021-06-28 Thread Tom Lane
Daniel Gustafsson writes:
> I happened to spot the below call in src/bin/pg_basebackup/streamutil.c which
> has an unbounded %s in the format.
> /* fetch xlog value and unit from the result */
> if (sscanf(PQgetvalue(res, 0, 0), "%d%s", _val, xlog_unit) != 2)
> There is no risk of

Unbounded %s in sscanf

2021-06-28 Thread Daniel Gustafsson
I happened to spot the below call in src/bin/pg_basebackup/streamutil.c which has an unbounded %s in the format.

/* fetch xlog value and unit from the result */
if (sscanf(PQgetvalue(res, 0, 0), "%d%s", _val, xlog_unit) != 2)

There is no risk of overflow as the unit is defined to be at
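The point of the thread is that a `%s` directive with no field width lets the input, not the buffer declaration, decide how many bytes sscanf writes, and Tom Lane's suggested fix is a bounded format that reads at most two characters. The C below is an added illustration of that fix and is not PostgreSQL's code: `parse_wal_size` and `unbounded_unit_bytes` are hypothetical names, the three-byte unit buffer (two characters plus NUL) is an assumption consistent with the two-character bound discussed above, and the inputs are constructed. The `%n` directive is included because a width such as `%2s` stops silently rather than failing, so a caller that wants to reject "MBytes" rather than quietly accept "MB" has to check how much of the input was consumed.

```c
#include <stdio.h>
#include <string.h>

/* Status codes for parse_wal_size() (constructed for this example). */
enum {
    PARSE_OK = 0,
    PARSE_BAD_FORMAT = -1,   /* input did not match "<int><unit>" */
    PARSE_TRAILING = -2      /* unit longer than two chars or trailing junk */
};

/*
 * Parse "<value><unit>" (e.g. "16MB") into an int and a two-character unit.
 * The width in "%2s" caps what sscanf stores in unit[] at two bytes plus the
 * terminating NUL, so the buffer size is enforced by the format regardless of
 * the input. "%n" records the number of bytes consumed so that silent
 * truncation by the width (or any trailing text) is detected instead of
 * being accepted.
 */
int parse_wal_size(const char *input, int *value, char unit[3])
{
    int consumed = 0;

    unit[0] = '\0';
    /* %n is not counted as a conversion, so two matches are expected. */
    if (sscanf(input, "%d%2s%n", value, unit, &consumed) != 2)
        return PARSE_BAD_FORMAT;
    if ((size_t) consumed != strlen(input))
        return PARSE_TRAILING;
    return PARSE_OK;
}

/*
 * Number of bytes an unbounded "%s" would store for the unit part of input,
 * including the NUL, computed by hand without performing the store. This is
 * the quantity the buffer declaration has no control over when no width is
 * given: it equals the length of the next whitespace-free run plus one.
 * Returns 0 when there is no number or no unit (where %s would not match).
 */
size_t unbounded_unit_bytes(const char *input)
{
    int value = 0;
    int consumed = 0;
    const char *p;

    if (sscanf(input, "%d%n", &value, &consumed) != 1)
        return 0;
    p = input + consumed;
    p += strspn(p, " \t\r\n\v\f");        /* %s skips leading whitespace */
    if (*p == '\0')
        return 0;
    return strcspn(p, " \t\r\n\v\f") + 1; /* non-space run plus NUL */
}

int main(void)
{
    /* Constructed inputs: a normal value and an overlong unit. */
    const char *inputs[] = { "16MB", "16MBytes", "abc" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int value = 0;
        char unit[3];
        int rc = parse_wal_size(inputs[i], &value, unit);

        printf("%-10s rc=%d value=%d unit=\"%s\" "
               "unbounded %%s would store %zu byte(s)\n",
               inputs[i], rc, value, unit, unbounded_unit_bytes(inputs[i]));
    }
    return 0;
}
```

With a three-byte unit buffer, `unbounded_unit_bytes` reports how far past it an unbounded `%s` would reach for a given input, while `parse_wal_size` shows that the bounded format both stays inside the buffer and, with the `%n` check, refuses input that the width would otherwise have silently shortened.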