Use snprintf not sprintf in pg_waldump's timestamptz_to_str.

This could only cause an issue if strftime returned a ridiculously
long timezone name, which seems unlikely; and it wouldn't qualify
as a security problem even then, since pg_waldump (nee pg_xlogdump)
is a debug tool not part of the server.  But gcc 8 has started issuing
warnings about it, so let's use snprintf and be safe.

Backpatch to 9.3 where this code was added.

Discussion: https://postgr.es/m/21789.1529170195@sss.pgh.pa.us

diff --git a/src/bin/pg_waldump/compat.c b/src/bin/pg_waldump/compat.c
index 19a3a9d0c5940d5c7107c43017e97c6299149649..22ded8602c545c565d37dd98fd0d4ec4008db367 100644 (file)
--- a/src/bin/pg_waldump/compat.c
+++ b/src/bin/pg_waldump/compat.c
@@ -58,7 +58,8 @@ timestamptz_to_str(TimestampTz dt)
        strftime(ts, sizeof(ts), "%Y-%m-%d %H:%M:%S", ltime);
        strftime(zone, sizeof(zone), "%Z", ltime);
 
-       sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
+       snprintf(buf, sizeof(buf), "%s.%06d %s",
+                        ts, (int) (dt % USECS_PER_SEC), zone);
 
        return buf;
 }