Re: Unbounded %s in sscanf
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-06-28T14:45:53Z
Lists: pgsql-hackers
> On 28 Jun 2021, at 16:02, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Ugh. Shouldn't we instead modify the format to read not more than > two characters? Even if this is safe on non-malicious input, it > doesn't seem like good style. No disagreement, I was only basing it on what is in the tree. I would propose that we change the sscanf in _LoadBlobs() too though to eliminate all such callsites, even though that one is even safer. I'll prepare a patch once more caffeine has been ingested. -- Daniel Gustafsson https://vmware.com/
Commits
-
Fix bug in TOC file error message printing
- ef1f15819a38 9.6.24 landed
- e788883de715 12.9 landed
- 998d060f3db7 15.0 landed
- 687fe8a9d7a6 13.5 landed
- 4fda03b671a6 10.19 landed
- 3e2f32b01d3b 14.1 landed
- 038892c81018 11.14 landed
-
Fix sscanf limits in pg_basebackup and pg_dump
- d3a4c1eb3d21 13.5 landed
- 931f3926a9f6 11.14 landed
- 57bf8f7b75ec 12.9 landed
- 1d7641d51a51 15.0 landed
- 121be6a665aa 14.1 landed
-
Fix sscanf limits in pg_dump
- abdf81a20ba2 10.19 landed
- 6b96aafc67ac 9.6.24 landed