Fix some dubious WAL-parsing code.

Coverity complained about possible buffer overrun in two places added by commit 1eb6d6527, and AFAICS it's reasonable to worry: even granting that the WAL originator properly truncated the commit GID to GIDSIZE, we should not really bet our lives on that having the same value as it does in the current build. Hence, use strlcpy() not strcpy(), and adjust the pointer advancement logic to be sure we skip over the whole source string even if strlcpy() truncated it.
8 years ago · b01f32c313
parent 05e85d35af
commit b01f32c313
1 changed files with 4 additions and 4 deletions
--- a/src/backend/access/rmgrdesc/xactdesc.c
+++ b/src/backend/access/rmgrdesc/xactdesc.c
@ -106,8 +106,8 @@ ParseCommitRecord(uint8 info, xl_xact_commit *xlrec, xl_xact_parsed_commit *pars
 		if (parsed->xinfo & XACT_XINFO_HAS_GID)
 		{
 			int gidlen;
-			strcpy(parsed->twophase_gid, data);
-			gidlen = strlen(parsed->twophase_gid) + 1;
+			strlcpy(parsed->twophase_gid, data, sizeof(parsed->twophase_gid));
+			gidlen = strlen(data) + 1;
 			data += MAXALIGN(gidlen);
 		}
 	}
@ -190,8 +190,8 @@ ParseAbortRecord(uint8 info, xl_xact_abort *xlrec, xl_xact_parsed_abort *parsed)
 		if (parsed->xinfo & XACT_XINFO_HAS_GID)
 		{
 			int gidlen;
-			strcpy(parsed->twophase_gid, data);
-			gidlen = strlen(parsed->twophase_gid) + 1;
+			strlcpy(parsed->twophase_gid, data, sizeof(parsed->twophase_gid));
+			gidlen = strlen(data) + 1;
 			data += MAXALIGN(gidlen);
 		}
 	}