On 2018-08-15 14:05:29 -0400, Tom Lane wrote:
> I wrote:
> > Meh --- the hazards of back-patching seem to me to be more hypothetical
> > than the benefits. Still, I seem to be in the minority, so I withdraw
> > the proposal to back-patch.
>
> Actually, after digging around a bit, I'm excited about this again.
> There are only a couple dozen places in our tree that pay any attention
> to the result of (v)snprintf, but with the exception of psnprintf,
> appendPQExpBufferVA, and one or two other places, *they're all assuming
> C99 semantics*, and will fail to detect buffer overflow with the pre-C99
> behavior.
>
> Probably a lot of these are not live bugs because buffer overrun is
> not ever going to occur in practice. But at least pg_upgrade and
> pg_regress are constructing command strings including externally
> supplied paths, so overrun doesn't seem impossible. If it happened,
> they'd merrily proceed to execute a truncated command.
>
> If we don't backpatch the snprintf change, we're morally obliged to
> back-patch some other fix for these places. At least one of them,
> in plperl's pport.h, is not our code and so changing it seems like
> a bad idea.
>
> Still want to argue for no backpatch?
>
> regards, tom lane
>
> PS: I also found a couple of places that are just wrong regardless
> of semantics: they're checking overflow by "result > bufsize", not
> "result >= bufsize". Will fix those in any case.
I'm a bit confused. Why did you just backpatch this ~two hours after
people objected to the idea? Even if it were during my current work
hours, I don't even read mail that often if I'm hacking on something
complicated.

Greetings,

Andres Freund
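The quoted message turns on two details of snprintf's return value: C99 returns the length the full string would have had, so the only reliable truncation test is `result >= bufsize`, and a check written as `result > bufsize` misses the case where exactly one byte was dropped to make room for the terminating NUL. The program below is an added illustration, not code from the PostgreSQL tree or from either author; the command format, the `build_command_*` function names and the sample executable and path are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Build a command line into buf. Returns true only if the whole string,
 * including the terminating NUL, fit in bufsize bytes.
 *
 * Relies on the C99 contract: snprintf returns the length the complete
 * output would have had, so n >= bufsize means truncation occurred.
 * On a libc that returns -1 on overflow the n < 0 branch catches it;
 * on one that returns the number of bytes actually written (bufsize - 1)
 * this check cannot tell a truncated string from one that exactly fits,
 * which is the hazard the quoted message describes.
 */
bool
build_command_checked(char *buf, size_t bufsize, const char *exe, const char *path)
{
	int		n = snprintf(buf, bufsize, "\"%s\" --datadir=\"%s\"", exe, path);

	if (n < 0)
		return false;			/* encoding error or pre-C99 overflow signal */
	return (size_t) n < bufsize;	/* equivalent to !(n >= bufsize) */
}

/*
 * The off-by-one variant called out in the PS: testing "result > bufsize".
 * When n == bufsize the last character was silently dropped, yet this
 * function still reports success and a caller would run the truncated
 * command.
 */
bool
build_command_off_by_one(char *buf, size_t bufsize, const char *exe, const char *path)
{
	int		n = snprintf(buf, bufsize, "\"%s\" --datadir=\"%s\"", exe, path);

	if (n < 0)
		return false;
	return (size_t) n <= bufsize;	/* wrong: should be n < bufsize */
}

/* Length the full command needs, not counting the NUL (C99 idiom). */
int
command_length(const char *exe, const char *path)
{
	return snprintf(NULL, 0, "\"%s\" --datadir=\"%s\"", exe, path);
}

int
main(void)
{
	/* Constructed sample inputs; the command is 27 characters long. */
	const char *exe = "pg_ctl";
	const char *path = "/tmp/x";
	char		buf[64];
	size_t		len = (size_t) command_length(exe, path);

	/* One byte short: only the NUL fits in place of the last character. */
	printf("bufsize = len    : correct=%d off_by_one=%d\n",
		   build_command_checked(buf, len, exe, path),
		   build_command_off_by_one(buf, len, exe, path));
	printf("bufsize = len + 1: correct=%d off_by_one=%d\n",
		   build_command_checked(buf, len + 1, exe, path),
		   build_command_off_by_one(buf, len + 1, exe, path));
	return 0;
}
```

With the constructed inputs the `>` check reports success for a 27-byte buffer even though the command was cut to 26 characters; the `>=` form correctly rejects it, and both agree once the buffer has the 28 bytes the string actually needs.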