Re: Unbounded %s in sscanf

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-06-28T14:45:53Z
Lists: pgsql-hackers
> On 28 Jun 2021, at 16:02, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> Ugh.  Shouldn't we instead modify the format to read not more than
> two characters?  Even if this is safe on non-malicious input, it
> doesn't seem like good style.

No disagreement, I was only basing it on what is in the tree.  I would propose
that we change the sscanf in _LoadBlobs() too though to eliminate all such
callsites, even though that one is even safer.  I'll prepare a patch once more
caffeine has been ingested.

--
Daniel Gustafsson		https://vmware.com/




Commits

  1. Fix bug in TOC file error message printing

  2. Fix sscanf limits in pg_basebackup and pg_dump

  3. Fix sscanf limits in pg_dump