]> granicus.if.org Git - postgresql/commitdiff
Repair unsafe/unportable snprintf usage in pg_restore.
authorTom Lane <tgl@sss.pgh.pa.us>
Sun, 10 Feb 2019 00:45:38 +0000 (19:45 -0500)
committerTom Lane <tgl@sss.pgh.pa.us>
Sun, 10 Feb 2019 00:45:38 +0000 (19:45 -0500)
warn_or_exit_horribly() was blithely passing a potentially-NULL
string pointer to a %s format specifier.  That works (at least
to the extent of not crashing) on some platforms, but not all,
and since we switched to our own snprintf.c it doesn't work
for us anywhere.

Of the three string fields being handled this way here, I think
that only "owner" is supposed to be nullable ... but considering
that this is error-reporting code, it has very little business
assuming anything, so put in defenses for all three.

Per a crash observed on buildfarm member crake and then
reproduced here.  Because of the portability aspect,
back-patch to all supported versions.

src/bin/pg_dump/pg_backup_archiver.c

index a015c664598cde34a5aebf8ea4a5ce558ce5f90d..8b55f5952c3d78d3fe50d6e9636f76d9ec9492bb 100644 (file)
@@ -1793,8 +1793,11 @@ warn_or_exit_horribly(ArchiveHandle *AH,
        {
                write_msg(modulename, "Error from TOC entry %d; %u %u %s %s %s\n",
                                  AH->currentTE->dumpId,
-                                 AH->currentTE->catalogId.tableoid, AH->currentTE->catalogId.oid,
-                                 AH->currentTE->desc, AH->currentTE->tag, AH->currentTE->owner);
+                                 AH->currentTE->catalogId.tableoid,
+                                 AH->currentTE->catalogId.oid,
+                                 AH->currentTE->desc ? AH->currentTE->desc : "(no desc)",
+                                 AH->currentTE->tag ? AH->currentTE->tag : "(no tag)",
+                                 AH->currentTE->owner ? AH->currentTE->owner : "(no owner)");
        }
        AH->lastErrorStage = AH->stage;
        AH->lastErrorTE = AH->currentTE;