diff options
| author | Robert Haas | 2015-01-15 14:26:03 +0000 |
|---|---|---|
| committer | Robert Haas | 2015-01-15 14:26:03 +0000 |
| commit | 0b49642b99ca2818bb8bfcaddf522b2e36a5b350 (patch) | |
| tree | 1a81a52a8c716cb5b25aacd4b4b174bcfce56d63 | |
| parent | 6cfd5086e140b365086d61f25c519d046dfcf7f0 (diff) | |
pg_standby: Avoid writing one byte beyond the end of the buffer.
Previously, read() might have returned a length equal to the buffer
length, and then the subsequent store to buf[len] would write a
zero-byte one byte past the end. This doesn't seem likely to be
a security issue, but there's some chance it could result in
pg_standby misbehaving.
Spotted by Coverity; patch by Michael Paquier, reviewed by me.
| -rw-r--r-- | contrib/pg_standby/pg_standby.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/pg_standby/pg_standby.c b/contrib/pg_standby/pg_standby.c index d6b169264c..2f9f2b4d2e 100644 --- a/contrib/pg_standby/pg_standby.c +++ b/contrib/pg_standby/pg_standby.c @@ -418,7 +418,7 @@ CheckForExternalTrigger(void) return; } - if ((len = read(fd, buf, sizeof(buf))) < 0) + if ((len = read(fd, buf, sizeof(buf) - 1)) < 0) { fprintf(stderr, "WARNING: could not read \"%s\": %s\n", triggerPath, strerror(errno)); |