mirror of
https://github.com/postgres/postgres.git
synced 2026-02-25 10:50:50 -05:00
6101bc2f45
Fix a small number of places that were testing the result of snprintf() but doing so incorrectly. The right test for buffer overrun, per C99, is "result >= bufsize" not "result > bufsize". Some places were also checking for failure with "result == -1", but the standard only says that a negative value is delivered on failure. (Note that this only makes these places correct if snprintf() delivers C99-compliant results. But at least now these places are consistent with all the other places where we assume that.) Also, make psql_start_test() and isolation_start_test() check for buffer overrun while constructing their shell commands. There seems like a higher risk of overrun, with more severe consequences, here than there is for the individual file paths that are made elsewhere in the same functions, so this seemed like a worthwhile change. Also fix guc.c's do_serialize() to initialize errno = 0 before calling vsnprintf. In principle, this should be unnecessary because vsnprintf should have set errno if it returns a failure indication ... but the other two places this coding pattern is cribbed from don't assume that, so let's be consistent. These errors are all very old, so back-patch as appropriate. I think that only the shell command overrun cases are even theoretically reachable in practice, but there's not much point in erroneous error checks. Discussion: https://postgr.es/m/17245.1534289329@sss.pgh.pa.us |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| chklocale.c | ||
| crypt.c | ||
| dirent.c | ||
| dirmod.c | ||
| erand48.c | ||
| fls.c | ||
| fseeko.c | ||
| getaddrinfo.c | ||
| getopt.c | ||
| getopt_long.c | ||
| getpeereid.c | ||
| getrusage.c | ||
| gettimeofday.c | ||
| inet_aton.c | ||
| inet_net_ntop.c | ||
| isinf.c | ||
| kill.c | ||
| Makefile | ||
| mkdtemp.c | ||
| noblock.c | ||
| open.c | ||
| path.c | ||
| pg_crc32c_choose.c | ||
| pg_crc32c_sb8.c | ||
| pg_crc32c_sse42.c | ||
| pg_strong_random.c | ||
| pgcheckdir.c | ||
| pgmkdirp.c | ||
| pgsleep.c | ||
| pgstrcasecmp.c | ||
| pqsignal.c | ||
| pthread-win32.h | ||
| qsort.c | ||
| qsort_arg.c | ||
| quotes.c | ||
| random.c | ||
| README | ||
| rint.c | ||
| snprintf.c | ||
| sprompt.c | ||
| srandom.c | ||
| strerror.c | ||
| strlcat.c | ||
| strlcpy.c | ||
| system.c | ||
| tar.c | ||
| thread.c | ||
| unsetenv.c | ||
| win32.ico | ||
| win32env.c | ||
| win32error.c | ||
| win32security.c | ||
| win32setlocale.c | ||
| win32ver.rc | ||
src/port/README
libpgport
=========
libpgport must have special behavior. It supplies functions to both
libraries and applications. However, there are two complexities:
1) Libraries need to use object files that are compiled with exactly
the same flags as the library. libpgport might not use the same flags,
so it is necessary to recompile the object files for individual
libraries. This is done by removing -lpgport from the link line:
# Need to recompile any libpgport object files
LIBS := $(filter-out -lpgport, $(LIBS))
and adding infrastructure to recompile the object files:
OBJS= execute.o typename.o descriptor.o data.o error.o prepare.o memory.o \
connect.o misc.o path.o exec.o \
$(filter snprintf.o, $(LIBOBJS))
The problem is that there is no testing of which object files need to be
added, but missing functions usually show up when linking user
applications.
2) For applications, we use -lpgport before -lpq, so the static files
from libpgport are linked first. This avoids having applications
dependent on symbols that are _used_ by libpq, but not intended to be
exported by libpq. libpq's libpgport usage changes over time, so such a
dependency is a problem. Windows, Linux, and macOS use an export list to
control the symbols exported by libpq.