diff options
| author | Andres Freund <andres@anarazel.de> | 2022-03-23 16:38:43 -0700 |
|---|---|---|
| committer | Andres Freund <andres@anarazel.de> | 2022-03-27 18:15:14 -0700 |
| commit | 344d89abf36b9ea559a4b25543bbc7d4206988f5 (patch) | |
| tree | c853d09d51cc0648eb7a1fba55fbe11c9399ef2b | |
| parent | 9016a2a3dc4ee7e41ecda5a8b3a3d3481de94964 (diff) | |
| download | postgresql-344d89abf36b9ea559a4b25543bbc7d4206988f5.tar.gz postgresql-344d89abf36b9ea559a4b25543bbc7d4206988f5.zip | |
waldump: fix use-after-free in search_directory().
After closedir() dirent->d_name is not valid anymore. As there alerady are a
few places relying on the limited lifetime of pg_waldump, do so here as well,
and just pg_strdup() the string.
The bug was introduced in fc49e24fa69a.
Found by UBSan, run locally.
Backpatch: 11-, like fc49e24fa69 itself.
| -rw-r--r-- | src/bin/pg_waldump/pg_waldump.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bin/pg_waldump/pg_waldump.c b/src/bin/pg_waldump/pg_waldump.c index 3730156e100..f6cce2442c0 100644 --- a/src/bin/pg_waldump/pg_waldump.c +++ b/src/bin/pg_waldump/pg_waldump.c @@ -177,7 +177,7 @@ search_directory(const char *directory, const char *fname) if (IsXLogFileName(xlde->d_name)) { fd = open_file_in_directory(directory, xlde->d_name); - fname = xlde->d_name; + fname = pg_strdup(xlde->d_name); break; } } |