From 32be1c8e900b89a89ec5e3a064c6b6010869d062 Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Sat, 15 Feb 2014 11:50:56 -0500
Subject: [PATCH] Remove use of sscanf in pg_upgrade, and add C comment to
 pg_dump

Per report from Jackie Chang
---
 contrib/pg_upgrade/option.c           | 5 +++--
 src/bin/pg_dump/pg_backup_directory.c | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/contrib/pg_upgrade/option.c b/contrib/pg_upgrade/option.c
index 79b59ee17d2..4c08e94ffd0 100644
--- a/contrib/pg_upgrade/option.c
+++ b/contrib/pg_upgrade/option.c
@@ -453,9 +453,10 @@ get_sock_dir(ClusterInfo *cluster, bool live_check)
 					sscanf(line, "%hu", &old_cluster.port);
 				if (lineno == LOCK_FILE_LINE_SOCKET_DIR)
 				{
-					cluster->sockdir = pg_malloc(MAXPGPATH);
+					cluster->sockdir = pg_strdup(line);
 					/* strip off newline */
-					sscanf(line, "%s\n", cluster->sockdir);
+					if (strchr(cluster->sockdir, '\n') != NULL)
+						*strchr(cluster->sockdir, '\n') = '\0';
 				}
 			}
 			fclose(fp);
diff --git a/src/bin/pg_dump/pg_backup_directory.c b/src/bin/pg_dump/pg_backup_directory.c
index 71b96bd9180..1bed8a9fea5 100644
--- a/src/bin/pg_dump/pg_backup_directory.c
+++ b/src/bin/pg_dump/pg_backup_directory.c
@@ -452,6 +452,7 @@ _LoadBlobs(ArchiveHandle *AH, RestoreOptions *ropt)
 		char		fname[MAXPGPATH];
 		char		path[MAXPGPATH];
 
+		/* Can't overflow because line and fname are the same length. */
 		if (sscanf(line, "%u %s\n", &oid, fname) != 2)
 			exit_horribly(modulename, "invalid line in large object TOC file \"%s\": \"%s\"\n",
 						  fname, line);
-- 
GitLab