Some dubious code in pgstat.c - Mailing list pgsql-hackers

From Kyotaro Horiguchi
Subject Some dubious code in pgstat.c
Msg-id 20201104.175523.1704166915688949637.horikyota.ntt@gmail.com
Responses Re: Some dubious code in pgstat.c  (Amit Kapila <amit.kapila16@gmail.com>)
List pgsql-hackers
Hello.

While updating a patch, I noticed that the replication slot stats
patch (9868167500) put in some somewhat dubious code.

In pgstat_recv_replslot, an assertion like the following exists:

>    idx = pgstat_replslot_index(msg->m_slotname, !msg->m_drop);
..
>    Assert(idx >= 0 && idx < max_replication_slots);

But the idx should be 0..(max_replication_slots - 1).


In the same function the following code assumes that the given "char
*name" has the length of NAMEDATALEN.  It actually is, but that
assumption seems a bit bogus. I think it should use strlcpy instead.


>pgstat_replslot_index(const char *name, bool create_it)
...
>    memcpy(&replSlotStats[nReplSlotStats].slotname, name, NAMEDATALEN);

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center
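
A stand-alone sketch of the two points raised in the message above (a bounded, always-terminated copy of the slot name, and an index that stays within 0..max-1), added here as an example and not taken from pgstat.c. SlotStats, slot_index, copy_name, MAX_SLOTS and the NAMEDATALEN value of 64 are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAMEDATALEN 64  /* assumed size of the name field, terminator included */
#define MAX_SLOTS 2     /* stand-in for max_replication_slots */

typedef struct { char slotname[NAMEDATALEN]; long counter; } SlotStats;

static SlotStats slots[MAX_SLOTS];
static int nslots = 0;

/* Copy at most dstsize-1 bytes, stop at src's terminator, always terminate dst. */
static void copy_name(char *dst, const char *src, size_t dstsize)
{
    size_t n = 0;
    while (n + 1 < dstsize && src[n] != '\0')
        n++;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Index in 0..MAX_SLOTS-1, or -1 when the name is absent and cannot be added. */
static int slot_index(const char *name, int create_it)
{
    char key[NAMEDATALEN];

    copy_name(key, name, sizeof(key));      /* compare on the stored form */
    for (int i = 0; i < nslots; i++)
        if (strcmp(slots[i].slotname, key) == 0)
            return i;
    if (!create_it || nslots >= MAX_SLOTS)  /* run-time bound, not only an assert */
        return -1;
    memset(&slots[nslots], 0, sizeof(SlotStats));
    copy_name(slots[nslots].slotname, key, NAMEDATALEN);
    return nslots++;
}

int main(void)
{
    char tiny[] = "s1";  /* 3-byte source: memcpy(dst, tiny, NAMEDATALEN) would over-read it */
    printf("s1 -> %d\n", slot_index(tiny, 1));
    printf("s1 again -> %d\n", slot_index(tiny, 0));
    printf("absent -> %d\n", slot_index("nope", 0));
    return 0;
}
```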
diff --git a/src/backend/postmaster/pgstat.c b/src/backend/postmaster/pgstat.c
index f1dca2f25b..9008601fc4 100644
--- a/src/backend/postmaster/pgstat.c
+++ b/src/backend/postmaster/pgstat.c
@@ -6880,7 +6880,7 @@ pgstat_recv_replslot(PgStat_MsgReplSlot *msg, int len)
     if (idx < 0)
         return;
 
-    Assert(idx >= 0 && idx <= max_replication_slots);
+    Assert(idx >= 0 && idx < max_replication_slots);
     if (msg->m_drop)
     {
         /* Remove the replication slot statistics with the given name */
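Review bot: The `idx >= 0` half of the corrected Assert is already guaranteed by the `if (idx < 0) return;` directly above it, so the assertion can be reduced to `Assert(idx < max_replication_slots);`. Tightening `<=` to `<` matches the valid range 0..(max_replication_slots - 1), but an Assert only guards assert-enabled builds; if idx could reach the limit at run time, the bound should be enforced where idx is produced rather than only asserted here.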
@@ -7113,7 +7113,7 @@ pgstat_replslot_index(const char *name, bool create_it)
 
     /* Register new slot */
     memset(&replSlotStats[nReplSlotStats], 0, sizeof(PgStat_ReplSlotStats));
-    memcpy(&replSlotStats[nReplSlotStats].slotname, name, NAMEDATALEN);
+    strlcpy(&replSlotStats[nReplSlotStats].slotname, name, NAMEDATALEN);
 
     return nReplSlotStats++;
 }
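Review bot: In the added strlcpy line the destination is still written as `&replSlotStats[nReplSlotStats].slotname`, carried over from the memcpy call; if slotname is a char array, that expression is a pointer to the whole array rather than the `char *` that strlcpy takes, and compilers will warn about the type mismatch. Passing `replSlotStats[nReplSlotStats].slotname` without the `&` avoids that. A short comment noting that strlcpy copies at most NAMEDATALEN - 1 bytes and always terminates, and that the preceding memset leaves the rest of the field zeroed, would document why the copy is safe for a name of any length.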
