Use snprintf not sprintf in pg_waldump's timestamptz_to_str.

This could only cause an issue if strftime returned a ridiculously
long timezone name, which seems unlikely; and it wouldn't qualify
as a security problem even then, since pg_waldump (nee pg_xlogdump)
is a debug tool not part of the server.  But gcc 8 has started issuing
warnings about it, so let's use snprintf and be safe.

Backpatch to 9.3 where this code was added.

Discussion: https://postgr.es/m/21789.1529170195@sss.pgh.pa.us

diff --git a/src/bin/pg_xlogdump/compat.c b/src/bin/pg_xlogdump/compat.c
index 845c2e5234ae34ef500683f8b330beb10bb4e6d3..d9a505196f2faabfa6f6183f16a93b733d04731e 100644 (file)
--- a/src/bin/pg_xlogdump/compat.c
+++ b/src/bin/pg_xlogdump/compat.c
@@ -64,9 +64,11 @@ timestamptz_to_str(TimestampTz dt)
        strftime(zone, sizeof(zone), "%Z", ltime);
 
 #ifdef HAVE_INT64_TIMESTAMP
-       sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
+       snprintf(buf, sizeof(buf),
+                        "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
 #else
-       sprintf(buf, "%s.%.6f %s", ts, fabs(dt - floor(dt)), zone);
+       snprintf(buf, sizeof(buf),
+                        "%s.%.6f %s", ts, fabs(dt - floor(dt)), zone);
 #endif
 
        return buf;