Re: Unbounded %s in sscanf - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Unbounded %s in sscanf
Date
Msg-id 152448.1624888966@sss.pgh.pa.us
Whole thread Raw
In response to Unbounded %s in sscanf  (Daniel Gustafsson <daniel@yesql.se>)
Responses Re: Unbounded %s in sscanf
List pgsql-hackers
Daniel Gustafsson <daniel@yesql.se> writes:
> I happened to spot the below call in src/bin/pg_basebackup/streamutil.c which
> has an unbounded %s in the format.

>     /* fetch xlog value and unit from the result */
>     if (sscanf(PQgetvalue(res, 0, 0), "%d%s", &xlog_val, xlog_unit) != 2)

> There is no risk of overflow as the unit is defined to be at most 2 characters,
> but that's not explained (like how a similar %s is handled in pg_dump).

Ugh.  Shouldn't we instead modify the format to read not more than
two characters?  Even if this is safe on non-malicious input, it
doesn't seem like good style.

            regards, tom lane



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Preventing abort() and exit() calls in libpq
Next
From: Gilles Darold
Date:
Subject: Re: Deparsing rewritten query