GCC 8 warnings
Hi,
While building stable releases and v11 on Fedora 28, I am seeing some warnings.
What is the project's policy about fixing those warnings in older branches?
To contribute to world peace, I did not attach the text to the email. Here is
what I see in today's git snapshot:
https://gunduz.org/temp/pg-gcc8-v11.txt
...and this is from 9.6:
https://gunduz.org/temp/pg-gcc8-9.6.txt
Regards,
--
Devrim Gündüz
EnterpriseDB: https://www.enterprisedb.com
PostgreSQL Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR
On 4/24/18 05:57, Devrim Gündüz wrote:
While building stable releases and v11 on Fedora 28, I am seeing some warnings.
Attached is a patch to fix these warnings in master. These are very
similar to the class of warnings we fixed last time around for GCC 7.
GCC 8 is now frozen, so it would be a good time to move ahead with this.
What is the project's policy about fixing those warnings in older branches?
We did backpatch the GCC 7 changes. We could do the same here, but it's
a pretty sizeable number of changes.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Attachments:
0001-Fix-new-warnings-from-GCC-8.patchtext/plain; charset=UTF-8; name=0001-Fix-new-warnings-from-GCC-8.patch; x-mac-creator=0; x-mac-type=0Download
From ce6142824b745d83511c73efe88c0e2d0ad0522b Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Mon, 9 Apr 2018 14:54:41 +0000
Subject: [PATCH] Fix new warnings from GCC 8
---
contrib/pg_standby/pg_standby.c | 4 +--
src/backend/access/transam/xlog.c | 8 ++---
src/backend/commands/extension.c | 32 ++++++-------------
src/backend/postmaster/postmaster.c | 9 ++++--
src/backend/storage/file/fd.c | 4 +--
src/backend/storage/file/reinit.c | 8 ++---
src/backend/storage/file/sharedfileset.c | 32 +++++++++----------
src/backend/tsearch/ts_utils.c | 7 +---
src/backend/utils/misc/guc.c | 2 +-
src/backend/utils/misc/tzparser.c | 2 +-
src/backend/utils/time/snapmgr.c | 2 +-
src/bin/initdb/findtimezone.c | 2 +-
src/bin/initdb/initdb.c | 4 +--
src/bin/pg_basebackup/pg_basebackup.c | 2 +-
src/bin/pg_basebackup/receivelog.c | 18 +++++++----
src/bin/pg_dump/pg_backup_directory.c | 4 +--
.../pg_verify_checksums/pg_verify_checksums.c | 2 +-
src/bin/pg_waldump/compat.c | 4 +--
src/bin/pgbench/pgbench.c | 6 ++--
src/bin/psql/startup.c | 6 ++--
src/interfaces/ecpg/preproc/ecpg.c | 4 +--
src/interfaces/libpq/fe-connect.c | 8 ++---
src/interfaces/libpq/fe-secure-openssl.c | 2 +-
src/test/regress/pg_regress.c | 14 ++++----
src/timezone/pgtz.c | 2 +-
25 files changed, 89 insertions(+), 99 deletions(-)
diff --git a/contrib/pg_standby/pg_standby.c b/contrib/pg_standby/pg_standby.c
index cb785971a9..fcdf4e6a3f 100644
--- a/contrib/pg_standby/pg_standby.c
+++ b/contrib/pg_standby/pg_standby.c
@@ -60,7 +60,7 @@ char *nextWALFileName; /* the file we need to get from archive */
char *restartWALFileName; /* the file from which we can restart restore */
char *priorWALFileName; /* the file we need to get from archive */
char WALFilePath[MAXPGPATH * 2]; /* the file path including archive */
-char restoreCommand[MAXPGPATH]; /* run this to restore */
+char *restoreCommand; /* run this to restore */
char exclusiveCleanupFileName[MAXFNAMELEN]; /* the file we need to get
* from archive */
@@ -98,7 +98,7 @@ int restoreCommandType;
int nextWALFileType;
#define SET_RESTORE_COMMAND(cmd, arg1, arg2) \
- snprintf(restoreCommand, MAXPGPATH, cmd " \"%s\" \"%s\"", arg1, arg2)
+ restoreCommand = psprintf(cmd " \"%s\" \"%s\"", arg1, arg2)
struct stat stat_buf;
diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c
index c0923d97f2..d29459e8d7 100644
--- a/src/backend/access/transam/xlog.c
+++ b/src/backend/access/transam/xlog.c
@@ -7702,12 +7702,12 @@ StartupXLOG(void)
if (!XLogArchiveIsReadyOrDone(origfname))
{
char origpath[MAXPGPATH];
- char partialfname[MAXFNAMELEN];
- char partialpath[MAXPGPATH];
+ char partialfname[MAXFNAMELEN + 8];
+ char partialpath[MAXPGPATH + 8];
XLogFilePath(origpath, EndOfLogTLI, endLogSegNo, wal_segment_size);
- snprintf(partialfname, MAXFNAMELEN, "%s.partial", origfname);
- snprintf(partialpath, MAXPGPATH, "%s.partial", origpath);
+ snprintf(partialfname, sizeof(partialfname), "%s.partial", origfname);
+ snprintf(partialpath, sizeof(partialpath), "%s.partial", origpath);
/*
* Make sure there's no .done or .ready file for the .partial
diff --git a/src/backend/commands/extension.c b/src/backend/commands/extension.c
index 2e4538146d..0c6df45335 100644
--- a/src/backend/commands/extension.c
+++ b/src/backend/commands/extension.c
@@ -366,34 +366,24 @@ static char *
get_extension_control_directory(void)
{
char sharepath[MAXPGPATH];
- char *result;
get_share_path(my_exec_path, sharepath);
- result = (char *) palloc(MAXPGPATH);
- snprintf(result, MAXPGPATH, "%s/extension", sharepath);
-
- return result;
+ return psprintf("%s/extension", sharepath);
}
static char *
get_extension_control_filename(const char *extname)
{
char sharepath[MAXPGPATH];
- char *result;
get_share_path(my_exec_path, sharepath);
- result = (char *) palloc(MAXPGPATH);
- snprintf(result, MAXPGPATH, "%s/extension/%s.control",
- sharepath, extname);
-
- return result;
+ return psprintf("%s/extension/%s.control", sharepath, extname);
}
static char *
get_extension_script_directory(ExtensionControlFile *control)
{
char sharepath[MAXPGPATH];
- char *result;
/*
* The directory parameter can be omitted, absolute, or relative to the
@@ -406,10 +396,8 @@ get_extension_script_directory(ExtensionControlFile *control)
return pstrdup(control->directory);
get_share_path(my_exec_path, sharepath);
- result = (char *) palloc(MAXPGPATH);
- snprintf(result, MAXPGPATH, "%s/%s", sharepath, control->directory);
- return result;
+ return psprintf("%s/%s", sharepath, control->directory);
}
static char *
@@ -421,9 +409,8 @@ get_extension_aux_control_filename(ExtensionControlFile *control,
scriptdir = get_extension_script_directory(control);
- result = (char *) palloc(MAXPGPATH);
- snprintf(result, MAXPGPATH, "%s/%s--%s.control",
- scriptdir, control->name, version);
+ result = psprintf("%s/%s--%s.control",
+ scriptdir, control->name, version);
pfree(scriptdir);
@@ -439,13 +426,12 @@ get_extension_script_filename(ExtensionControlFile *control,
scriptdir = get_extension_script_directory(control);
- result = (char *) palloc(MAXPGPATH);
if (from_version)
- snprintf(result, MAXPGPATH, "%s/%s--%s--%s.sql",
- scriptdir, control->name, from_version, version);
+ result = psprintf("%s/%s--%s--%s.sql",
+ scriptdir, control->name, from_version, version);
else
- snprintf(result, MAXPGPATH, "%s/%s--%s.sql",
- scriptdir, control->name, version);
+ result = psprintf("%s/%s--%s.sql",
+ scriptdir, control->name, version);
pfree(scriptdir);
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index d948369f3e..5697bf4cbb 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -4110,7 +4110,7 @@ BackendInitialize(Port *port)
int ret;
char remote_host[NI_MAXHOST];
char remote_port[NI_MAXSERV];
- char remote_ps_data[NI_MAXHOST];
+ char *remote_ps_data;
/* Save port etc. for ps status */
MyProcPort = port;
@@ -4176,9 +4176,9 @@ BackendInitialize(Port *port)
(errmsg_internal("pg_getnameinfo_all() failed: %s",
gai_strerror(ret))));
if (remote_port[0] == '\0')
- snprintf(remote_ps_data, sizeof(remote_ps_data), "%s", remote_host);
+ remote_ps_data = remote_host;
else
- snprintf(remote_ps_data, sizeof(remote_ps_data), "%s(%s)", remote_host, remote_port);
+ remote_ps_data = psprintf("%s(%s)", remote_host, remote_port);
/*
* Save remote_host and remote_port in port structure (after this, they
@@ -4268,6 +4268,9 @@ BackendInitialize(Port *port)
init_ps_display(port->user_name, port->database_name, remote_ps_data,
update_process_title ? "authentication" : "");
+ if (remote_ps_data != remote_host)
+ pfree(remote_ps_data);
+
/*
* Disable the timeout, and prevent SIGTERM/SIGQUIT again.
*/
diff --git a/src/backend/storage/file/fd.c b/src/backend/storage/file/fd.c
index f772dfe93f..d343729000 100644
--- a/src/backend/storage/file/fd.c
+++ b/src/backend/storage/file/fd.c
@@ -1571,7 +1571,7 @@ static File
OpenTemporaryFileInTablespace(Oid tblspcOid, bool rejectError)
{
char tempdirpath[MAXPGPATH];
- char tempfilepath[MAXPGPATH];
+ char tempfilepath[MAXPGPATH + sizeof(PG_TEMP_FILE_PREFIX) + 3];
File file;
TempTablespacePath(tempdirpath, tblspcOid);
@@ -3162,7 +3162,7 @@ RemovePgTempRelationFilesInDbspace(const char *dbspacedirname)
{
DIR *dbspace_dir;
struct dirent *de;
- char rm_path[MAXPGPATH * 2];
+ char rm_path[MAXPGPATH * 2 + 256];
dbspace_dir = AllocateDir(dbspacedirname);
diff --git a/src/backend/storage/file/reinit.c b/src/backend/storage/file/reinit.c
index 74ff6c359b..ccd9cf71d6 100644
--- a/src/backend/storage/file/reinit.c
+++ b/src/backend/storage/file/reinit.c
@@ -150,7 +150,7 @@ ResetUnloggedRelationsInDbspaceDir(const char *dbspacedirname, int op)
{
DIR *dbspace_dir;
struct dirent *de;
- char rm_path[MAXPGPATH * 2];
+ char rm_path[MAXPGPATH * 2 + 256];
/* Caller must specify at least one operation. */
Assert((op & (UNLOGGED_RELATION_CLEANUP | UNLOGGED_RELATION_INIT)) != 0);
@@ -280,8 +280,8 @@ ResetUnloggedRelationsInDbspaceDir(const char *dbspacedirname, int op)
ForkNumber forkNum;
int oidchars;
char oidbuf[OIDCHARS + 1];
- char srcpath[MAXPGPATH * 2];
- char dstpath[MAXPGPATH];
+ char srcpath[MAXPGPATH * 2 + 256];
+ char dstpath[MAXPGPATH * 2 + 11];
/* Skip anything that doesn't look like a relation data file. */
if (!parse_filename_for_nontemp_relation(de->d_name, &oidchars,
@@ -323,7 +323,7 @@ ResetUnloggedRelationsInDbspaceDir(const char *dbspacedirname, int op)
ForkNumber forkNum;
int oidchars;
char oidbuf[OIDCHARS + 1];
- char mainpath[MAXPGPATH];
+ char mainpath[MAXPGPATH * 2 + 11];
/* Skip anything that doesn't look like a relation data file. */
if (!parse_filename_for_nontemp_relation(de->d_name, &oidchars,
diff --git a/src/backend/storage/file/sharedfileset.c b/src/backend/storage/file/sharedfileset.c
index 0ac8696536..f98dfb98d2 100644
--- a/src/backend/storage/file/sharedfileset.c
+++ b/src/backend/storage/file/sharedfileset.c
@@ -27,8 +27,8 @@
#include "utils/builtins.h"
static void SharedFileSetOnDetach(dsm_segment *segment, Datum datum);
-static void SharedFileSetPath(char *path, SharedFileSet *fileset, Oid tablespace);
-static void SharedFilePath(char *path, SharedFileSet *fileset, const char *name);
+static void SharedFileSetPath(char *path, size_t size, SharedFileSet *fileset, Oid tablespace);
+static void SharedFilePath(char *path, size_t size, SharedFileSet *fileset, const char *name);
static Oid ChooseTablespace(const SharedFileSet *fileset, const char *name);
/*
@@ -102,21 +102,21 @@ SharedFileSetAttach(SharedFileSet *fileset, dsm_segment *seg)
File
SharedFileSetCreate(SharedFileSet *fileset, const char *name)
{
- char path[MAXPGPATH];
+ char path[MAXPGPATH + 101];
File file;
- SharedFilePath(path, fileset, name);
+ SharedFilePath(path, sizeof(path), fileset, name);
file = PathNameCreateTemporaryFile(path, false);
/* If we failed, see if we need to create the directory on demand. */
if (file <= 0)
{
char tempdirpath[MAXPGPATH];
- char filesetpath[MAXPGPATH];
+ char filesetpath[MAXPGPATH + 100];
Oid tablespace = ChooseTablespace(fileset, name);
TempTablespacePath(tempdirpath, tablespace);
- SharedFileSetPath(filesetpath, fileset, tablespace);
+ SharedFileSetPath(filesetpath, sizeof(filesetpath), fileset, tablespace);
PathNameCreateTemporaryDir(tempdirpath, filesetpath);
file = PathNameCreateTemporaryFile(path, true);
}
@@ -134,7 +134,7 @@ SharedFileSetOpen(SharedFileSet *fileset, const char *name)
char path[MAXPGPATH];
File file;
- SharedFilePath(path, fileset, name);
+ SharedFilePath(path, sizeof(path), fileset, name);
file = PathNameOpenTemporaryFile(path);
return file;
@@ -150,7 +150,7 @@ SharedFileSetDelete(SharedFileSet *fileset, const char *name,
{
char path[MAXPGPATH];
- SharedFilePath(path, fileset, name);
+ SharedFilePath(path, sizeof(path), fileset, name);
return PathNameDeleteTemporaryFile(path, error_on_failure);
}
@@ -161,7 +161,7 @@ SharedFileSetDelete(SharedFileSet *fileset, const char *name,
void
SharedFileSetDeleteAll(SharedFileSet *fileset)
{
- char dirpath[MAXPGPATH];
+ char dirpath[MAXPGPATH + 100];
int i;
/*
@@ -171,7 +171,7 @@ SharedFileSetDeleteAll(SharedFileSet *fileset)
*/
for (i = 0; i < fileset->ntablespaces; ++i)
{
- SharedFileSetPath(dirpath, fileset, fileset->tablespaces[i]);
+ SharedFileSetPath(dirpath, sizeof(dirpath), fileset, fileset->tablespaces[i]);
PathNameDeleteTemporaryDir(dirpath);
}
}
@@ -209,12 +209,12 @@ SharedFileSetOnDetach(dsm_segment *segment, Datum datum)
* in a given tablespace.
*/
static void
-SharedFileSetPath(char *path, SharedFileSet *fileset, Oid tablespace)
+SharedFileSetPath(char *path, size_t size, SharedFileSet *fileset, Oid tablespace)
{
char tempdirpath[MAXPGPATH];
TempTablespacePath(tempdirpath, tablespace);
- snprintf(path, MAXPGPATH, "%s/%s%d.%u.sharedfileset",
+ snprintf(path, size, "%s/%s%d.%u.sharedfileset",
tempdirpath, PG_TEMP_FILE_PREFIX,
fileset->creator_pid, fileset->number);
}
@@ -235,10 +235,10 @@ ChooseTablespace(const SharedFileSet *fileset, const char *name)
* Compute the full path of a file in a SharedFileSet.
*/
static void
-SharedFilePath(char *path, SharedFileSet *fileset, const char *name)
+SharedFilePath(char *path, size_t size, SharedFileSet *fileset, const char *name)
{
- char dirpath[MAXPGPATH];
+ char dirpath[MAXPGPATH + 100];
- SharedFileSetPath(dirpath, fileset, ChooseTablespace(fileset, name));
- snprintf(path, MAXPGPATH, "%s/%s", dirpath, name);
+ SharedFileSetPath(dirpath, sizeof(dirpath), fileset, ChooseTablespace(fileset, name));
+ snprintf(path, size, "%s/%s", dirpath, name);
}
diff --git a/src/backend/tsearch/ts_utils.c b/src/backend/tsearch/ts_utils.c
index f6e03aea4f..0855c586d4 100644
--- a/src/backend/tsearch/ts_utils.c
+++ b/src/backend/tsearch/ts_utils.c
@@ -34,7 +34,6 @@ get_tsearch_config_filename(const char *basename,
const char *extension)
{
char sharepath[MAXPGPATH];
- char *result;
/*
* We limit the basename to contain a-z, 0-9, and underscores. This may
@@ -52,11 +51,7 @@ get_tsearch_config_filename(const char *basename,
basename)));
get_share_path(my_exec_path, sharepath);
- result = palloc(MAXPGPATH);
- snprintf(result, MAXPGPATH, "%s/tsearch_data/%s.%s",
- sharepath, basename, extension);
-
- return result;
+ return psprintf("%s/tsearch_data/%s.%s", sharepath, basename, extension);
}
/*
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 6eae3d62cc..08813815e7 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -7333,7 +7333,7 @@ AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt)
ConfigVariable *tail = NULL;
volatile int Tmpfd;
char AutoConfFileName[MAXPGPATH];
- char AutoConfTmpFileName[MAXPGPATH];
+ char AutoConfTmpFileName[MAXPGPATH + 4];
if (!superuser())
ereport(ERROR,
diff --git a/src/backend/utils/misc/tzparser.c b/src/backend/utils/misc/tzparser.c
index 3d07eb7265..4e5b222050 100644
--- a/src/backend/utils/misc/tzparser.c
+++ b/src/backend/utils/misc/tzparser.c
@@ -277,7 +277,7 @@ ParseTzFile(const char *filename, int depth,
tzEntry **base, int *arraysize, int n)
{
char share_path[MAXPGPATH];
- char file_path[MAXPGPATH];
+ char file_path[MAXPGPATH + 15];
FILE *tzFile;
char tzbuf[1024];
char *line;
diff --git a/src/backend/utils/time/snapmgr.c b/src/backend/utils/time/snapmgr.c
index 4b45d3cccd..5508ebe4ba 100644
--- a/src/backend/utils/time/snapmgr.c
+++ b/src/backend/utils/time/snapmgr.c
@@ -1168,7 +1168,7 @@ ExportSnapshot(Snapshot snapshot)
int i;
MemoryContext oldcxt;
char path[MAXPGPATH];
- char pathtmp[MAXPGPATH];
+ char pathtmp[MAXPGPATH + 4];
/*
* It's tempting to call RequireTransactionBlock here, since it's not very
diff --git a/src/bin/initdb/findtimezone.c b/src/bin/initdb/findtimezone.c
index 4c3a91a122..13325c4824 100644
--- a/src/bin/initdb/findtimezone.c
+++ b/src/bin/initdb/findtimezone.c
@@ -309,7 +309,7 @@ score_timezone(const char *tzname, struct tztry *tt)
static const char *
identify_system_timezone(void)
{
- static char resultbuf[TZ_STRLEN_MAX + 1];
+ static char resultbuf[TZ_STRLEN_MAX * 2 + 8];
time_t tnow;
time_t t;
struct tztry tt;
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index b39115c346..ea3d9f1c63 100644
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -286,7 +286,7 @@ void initialize_data_directory(void);
/*
* macros for running pipes to postgres
*/
-#define PG_CMD_DECL char cmd[MAXPGPATH]; FILE *cmdfd
+#define PG_CMD_DECL char cmd[MAXPGPATH * 2]; FILE *cmdfd
#define PG_CMD_OPEN \
do { \
@@ -974,7 +974,7 @@ test_config_settings(void)
400, 300, 200, 100, 50
};
- char cmd[MAXPGPATH];
+ char cmd[MAXPGPATH * 2];
const int connslen = sizeof(trial_conns) / sizeof(int);
const int bufslen = sizeof(trial_bufs) / sizeof(int);
int i,
diff --git a/src/bin/pg_basebackup/pg_basebackup.c b/src/bin/pg_basebackup/pg_basebackup.c
index 58f780c069..0eba93166a 100644
--- a/src/bin/pg_basebackup/pg_basebackup.c
+++ b/src/bin/pg_basebackup/pg_basebackup.c
@@ -1344,7 +1344,7 @@ static void
ReceiveAndUnpackTarFile(PGconn *conn, PGresult *res, int rownum)
{
char current_path[MAXPGPATH];
- char filename[MAXPGPATH];
+ char filename[MAXPGPATH + 1];
const char *mapped_tblspc_path;
pgoff_t current_len_left = 0;
int current_padding = 0;
diff --git a/src/bin/pg_basebackup/receivelog.c b/src/bin/pg_basebackup/receivelog.c
index 1076878630..dde49d5f4c 100644
--- a/src/bin/pg_basebackup/receivelog.c
+++ b/src/bin/pg_basebackup/receivelog.c
@@ -446,8 +446,7 @@ CheckServerVersionForStreaming(PGconn *conn)
bool
ReceiveXlogStream(PGconn *conn, StreamCtl *stream)
{
- char query[128];
- char slotcmd[128];
+ char *slotcmd;
PGresult *res;
XLogRecPtr stoppos;
@@ -472,7 +471,7 @@ ReceiveXlogStream(PGconn *conn, StreamCtl *stream)
if (stream->replication_slot != NULL)
{
reportFlushPosition = true;
- sprintf(slotcmd, "SLOT \"%s\" ", stream->replication_slot);
+ slotcmd = psprintf("SLOT \"%s\" ", stream->replication_slot);
}
else
{
@@ -480,7 +479,7 @@ ReceiveXlogStream(PGconn *conn, StreamCtl *stream)
reportFlushPosition = true;
else
reportFlushPosition = false;
- slotcmd[0] = 0;
+ slotcmd = NULL;
}
if (stream->sysidentifier != NULL)
@@ -530,6 +529,8 @@ ReceiveXlogStream(PGconn *conn, StreamCtl *stream)
while (1)
{
+ char *query;
+
/*
* Fetch the timeline history file for this timeline, if we don't have
* it already. When streaming log to tar, this will always return
@@ -538,8 +539,9 @@ ReceiveXlogStream(PGconn *conn, StreamCtl *stream)
*/
if (!existsTimeLineHistoryFile(stream))
{
- snprintf(query, sizeof(query), "TIMELINE_HISTORY %u", stream->timeline);
+ query = psprintf("TIMELINE_HISTORY %u", stream->timeline);
res = PQexec(conn, query);
+ free(query);
if (PQresultStatus(res) != PGRES_TUPLES_OK)
{
/* FIXME: we might send it ok, but get an error */
@@ -576,11 +578,12 @@ ReceiveXlogStream(PGconn *conn, StreamCtl *stream)
return true;
/* Initiate the replication stream at specified location */
- snprintf(query, sizeof(query), "START_REPLICATION %s%X/%X TIMELINE %u",
- slotcmd,
+ query = psprintf("START_REPLICATION %s%X/%X TIMELINE %u",
+ slotcmd ? slotcmd : "",
(uint32) (stream->startpos >> 32), (uint32) stream->startpos,
stream->timeline);
res = PQexec(conn, query);
+ free(query);
if (PQresultStatus(res) != PGRES_COPY_BOTH)
{
fprintf(stderr, _("%s: could not send replication command \"%s\": %s"),
@@ -694,6 +697,7 @@ ReceiveXlogStream(PGconn *conn, StreamCtl *stream)
}
error:
+ free(slotcmd);
if (walfile != NULL && stream->walmethod->close(walfile, CLOSE_NO_RENAME) != 0)
fprintf(stderr, _("%s: could not close file \"%s\": %s\n"),
progname, current_walfile_name, stream->walmethod->getlasterror());
diff --git a/src/bin/pg_dump/pg_backup_directory.c b/src/bin/pg_dump/pg_backup_directory.c
index 4aabb40f59..8a0adb61be 100644
--- a/src/bin/pg_dump/pg_backup_directory.c
+++ b/src/bin/pg_dump/pg_backup_directory.c
@@ -454,7 +454,7 @@ _LoadBlobs(ArchiveHandle *AH)
while ((cfgets(ctx->blobsTocFH, line, MAXPGPATH)) != NULL)
{
char fname[MAXPGPATH];
- char path[MAXPGPATH];
+ char path[MAXPGPATH + 1];
/* Can't overflow because line and fname are the same length. */
if (sscanf(line, "%u %s\n", &oid, fname) != 2)
@@ -462,7 +462,7 @@ _LoadBlobs(ArchiveHandle *AH)
fname, line);
StartRestoreBlob(AH, oid, AH->public.ropt->dropSchema);
- snprintf(path, MAXPGPATH, "%s/%s", ctx->directory, fname);
+ snprintf(path, sizeof(path), "%s/%s", ctx->directory, fname);
_PrintFileData(AH, path);
EndRestoreBlob(AH, oid);
}
diff --git a/src/bin/pg_verify_checksums/pg_verify_checksums.c b/src/bin/pg_verify_checksums/pg_verify_checksums.c
index b065d0bb89..fa41c5e866 100644
--- a/src/bin/pg_verify_checksums/pg_verify_checksums.c
+++ b/src/bin/pg_verify_checksums/pg_verify_checksums.c
@@ -143,7 +143,7 @@ scan_directory(char *basedir, char *subdir)
}
while ((de = readdir(dir)) != NULL)
{
- char fn[MAXPGPATH + 1];
+ char fn[MAXPGPATH + 256];
struct stat st;
if (skipfile(de->d_name))
diff --git a/src/bin/pg_waldump/compat.c b/src/bin/pg_waldump/compat.c
index 6ff9eb7e77..4c2eb30c5b 100644
--- a/src/bin/pg_waldump/compat.c
+++ b/src/bin/pg_waldump/compat.c
@@ -49,7 +49,7 @@ timestamptz_to_time_t(TimestampTz t)
const char *
timestamptz_to_str(TimestampTz dt)
{
- static char buf[MAXDATELEN + 1];
+ static char buf[MAXDATELEN + 138];
char ts[MAXDATELEN + 1];
char zone[MAXDATELEN + 1];
time_t result = (time_t) timestamptz_to_time_t(dt);
@@ -58,7 +58,7 @@ timestamptz_to_str(TimestampTz dt)
strftime(ts, sizeof(ts), "%Y-%m-%d %H:%M:%S", ltime);
strftime(zone, sizeof(zone), "%Z", ltime);
- sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
+ snprintf(buf, sizeof(buf), "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
return buf;
}
diff --git a/src/bin/pgbench/pgbench.c b/src/bin/pgbench/pgbench.c
index 78b8f1706c..b6c2bec1d6 100644
--- a/src/bin/pgbench/pgbench.c
+++ b/src/bin/pgbench/pgbench.c
@@ -3528,7 +3528,7 @@ initCreateTables(PGconn *con)
for (i = 0; i < lengthof(DDLs); i++)
{
char opts[256];
- char buffer[256];
+ char *buffer;
const struct ddlinfo *ddl = &DDLs[i];
const char *cols;
@@ -3550,11 +3550,13 @@ initCreateTables(PGconn *con)
cols = (scale >= SCALE_32BIT_THRESHOLD) ? ddl->bigcols : ddl->smcols;
- snprintf(buffer, sizeof(buffer), "create%s table %s(%s)%s",
+ buffer = psprintf("create%s table %s(%s)%s",
unlogged_tables ? " unlogged" : "",
ddl->table, cols, opts);
executeStatement(con, buffer);
+
+ free(buffer);
}
}
diff --git a/src/bin/psql/startup.c b/src/bin/psql/startup.c
index be57574cd3..d5402e0ea4 100644
--- a/src/bin/psql/startup.c
+++ b/src/bin/psql/startup.c
@@ -719,7 +719,7 @@ static void
process_psqlrc(char *argv0)
{
char home[MAXPGPATH];
- char rc_file[MAXPGPATH];
+ char rc_file[MAXPGPATH + sizeof(PSQLRC)];
char my_exec_path[MAXPGPATH];
char etc_path[MAXPGPATH];
char *envrc = getenv("PSQLRC");
@@ -732,7 +732,7 @@ process_psqlrc(char *argv0)
get_etc_path(my_exec_path, etc_path);
- snprintf(rc_file, MAXPGPATH, "%s/%s", etc_path, SYSPSQLRC);
+ snprintf(rc_file, sizeof(rc_file), "%s/%s", etc_path, SYSPSQLRC);
process_psqlrc_file(rc_file);
if (envrc != NULL && strlen(envrc) > 0)
@@ -745,7 +745,7 @@ process_psqlrc(char *argv0)
}
else if (get_home_path(home))
{
- snprintf(rc_file, MAXPGPATH, "%s/%s", home, PSQLRC);
+ snprintf(rc_file, sizeof(rc_file), "%s/%s", home, PSQLRC);
process_psqlrc_file(rc_file);
}
}
diff --git a/src/interfaces/ecpg/preproc/ecpg.c b/src/interfaces/ecpg/preproc/ecpg.c
index 7fdc4ee596..fc39b08fbd 100644
--- a/src/interfaces/ecpg/preproc/ecpg.c
+++ b/src/interfaces/ecpg/preproc/ecpg.c
@@ -201,11 +201,11 @@ main(int argc, char *const argv[])
if (pg_strcasecmp(optarg, "INFORMIX") == 0 || pg_strcasecmp(optarg, "INFORMIX_SE") == 0)
{
char pkginclude_path[MAXPGPATH];
- char informix_path[MAXPGPATH];
+ char informix_path[MAXPGPATH + 14];
compat = (pg_strcasecmp(optarg, "INFORMIX") == 0) ? ECPG_COMPAT_INFORMIX : ECPG_COMPAT_INFORMIX_SE;
get_pkginclude_path(my_exec_path, pkginclude_path);
- snprintf(informix_path, MAXPGPATH, "%s/informix/esql", pkginclude_path);
+ snprintf(informix_path, sizeof(informix_path), "%s/informix/esql", pkginclude_path);
add_include_path(informix_path);
}
else if (strncmp(optarg, "ORACLE", strlen("ORACLE")) == 0)
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index a7e969d7c1..cc0522d56a 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -1079,10 +1079,10 @@ connectOptions2(PGconn *conn)
{
if (conn->pgpassfile)
free(conn->pgpassfile);
- conn->pgpassfile = malloc(MAXPGPATH);
+ conn->pgpassfile = malloc(MAXPGPATH + sizeof(PGPASSFILE) + 1);
if (!conn->pgpassfile)
goto oom_error;
- snprintf(conn->pgpassfile, MAXPGPATH, "%s/%s",
+ snprintf(conn->pgpassfile, MAXPGPATH + sizeof(PGPASSFILE) + 1, "%s/%s",
homedir, PGPASSFILE);
}
}
@@ -4491,7 +4491,7 @@ static int
parseServiceInfo(PQconninfoOption *options, PQExpBuffer errorMessage)
{
const char *service = conninfo_getval(options, "service");
- char serviceFile[MAXPGPATH];
+ char serviceFile[MAXPGPATH + 17];
char *env;
bool group_found = false;
int status;
@@ -4521,7 +4521,7 @@ parseServiceInfo(PQconninfoOption *options, PQExpBuffer errorMessage)
if (!pqGetHomeDirectory(homedir, sizeof(homedir)))
goto next_file;
- snprintf(serviceFile, MAXPGPATH, "%s/%s", homedir, ".pg_service.conf");
+ snprintf(serviceFile, sizeof(serviceFile), "%s/%s", homedir, ".pg_service.conf");
if (stat(serviceFile, &stat_buf) != 0)
goto next_file;
}
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index 43640e3799..520d5faf74 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -803,7 +803,7 @@ initialize_SSL(PGconn *conn)
SSL_CTX *SSL_context;
struct stat buf;
char homedir[MAXPGPATH];
- char fnbuf[MAXPGPATH];
+ char fnbuf[MAXPGPATH * 2];
char sebuf[256];
bool have_homedir;
bool have_cert;
diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c
index 4b24c4ac71..516b1b71b2 100644
--- a/src/test/regress/pg_regress.c
+++ b/src/test/regress/pg_regress.c
@@ -103,7 +103,7 @@ static const char *sockdir;
#ifdef HAVE_UNIX_SOCKETS
static const char *temp_sockdir;
static char sockself[MAXPGPATH];
-static char socklock[MAXPGPATH];
+static char socklock[MAXPGPATH + 5];
#endif
static _resultmap *resultmap = NULL;
@@ -463,14 +463,14 @@ static void
convert_sourcefiles_in(const char *source_subdir, const char *dest_dir, const char *dest_subdir, const char *suffix)
{
char testtablespace[MAXPGPATH];
- char indir[MAXPGPATH];
+ char indir[MAXPGPATH + 1];
struct stat st;
int ret;
char **name;
char **names;
int count = 0;
- snprintf(indir, MAXPGPATH, "%s/%s", inputdir, source_subdir);
+ snprintf(indir, sizeof(indir), "%s/%s", inputdir, source_subdir);
/* Check that indir actually exists and is a directory */
ret = stat(indir, &st);
@@ -515,8 +515,8 @@ convert_sourcefiles_in(const char *source_subdir, const char *dest_dir, const ch
/* finally loop on each file and do the replacement */
for (name = names; *name; name++)
{
- char srcfile[MAXPGPATH];
- char destfile[MAXPGPATH];
+ char srcfile[MAXPGPATH + 2];
+ char destfile[MAXPGPATH * 2];
char prefix[MAXPGPATH];
FILE *infile,
*outfile;
@@ -532,8 +532,8 @@ convert_sourcefiles_in(const char *source_subdir, const char *dest_dir, const ch
/* build the full actual paths to open */
snprintf(prefix, strlen(*name) - 6, "%s", *name);
- snprintf(srcfile, MAXPGPATH, "%s/%s", indir, *name);
- snprintf(destfile, MAXPGPATH, "%s/%s/%s.%s", dest_dir, dest_subdir,
+ snprintf(srcfile, sizeof(srcfile), "%s/%s", indir, *name);
+ snprintf(destfile, sizeof(destfile), "%s/%s/%s.%s", dest_dir, dest_subdir,
prefix, suffix);
infile = fopen(srcfile, "r");
diff --git a/src/timezone/pgtz.c b/src/timezone/pgtz.c
index 7a476eabf7..f99a6fb0a2 100644
--- a/src/timezone/pgtz.c
+++ b/src/timezone/pgtz.c
@@ -323,7 +323,7 @@ pg_tzset_offset(long gmtoffset)
{
long absoffset = (gmtoffset < 0) ? -gmtoffset : gmtoffset;
char offsetstr[64];
- char tzname[128];
+ char tzname[131];
snprintf(offsetstr, sizeof(offsetstr),
"%02ld", absoffset / SECS_PER_HOUR);
base-commit: 76ece169746f50652771a9fa9adc66d207e9d6f7
--
2.17.0
Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
On 4/24/18 05:57, Devrim Gündüz wrote:
While building stable releases and v11 on Fedora 28, I am seeing some warnings.
Attached is a patch to fix these warnings in master. These are very
similar to the class of warnings we fixed last time around for GCC 7.
I took a look through this, and frankly this is seeming to me like mostly
pedantry, with zero benefit for readability and possibly actually negative
impact for reliability.
Here's what's bothering me. The changes like this one:
- result = palloc(MAXPGPATH);
- snprintf(result, MAXPGPATH, "%s/tsearch_data/%s.%s",
- sharepath, basename, extension);
-
- return result;
+ return psprintf("%s/tsearch_data/%s.%s", sharepath, basename, extension);seem like good coding improvements on their own; most likely, if psprintf
had existed from the beginning, this code would have been written like
that to start with. But notice what we did here: before, there was a
guarantee that the result was shorter than MAXPGPATH. Now there isn't.
Up to now, the design principle for all this code has been "we assume
that all path strings are shorter than MAXPGPATH, and we're not going
to waste brain cells reasoning about what happens if they are not".
As long as MAXPGPATH is significantly longer than any path people might
use in practice, I think that's a defensible design strategy. However,
after patches like this one:
-SharedFilePath(char *path, SharedFileSet *fileset, const char *name)
+SharedFilePath(char *path, size_t size, SharedFileSet *fileset, const char *name)
{
- char dirpath[MAXPGPATH];
+ char dirpath[MAXPGPATH + 100];- SharedFileSetPath(dirpath, fileset, ChooseTablespace(fileset, name));
- snprintf(path, MAXPGPATH, "%s/%s", dirpath, name);
+ SharedFileSetPath(dirpath, sizeof(dirpath), fileset, ChooseTablespace(fileset, name));
+ snprintf(path, size, "%s/%s", dirpath, name);
}we basically haven't got any coherent strategy at all, other than
"whack it till GCC 8 stops complaining". Some of these strings
might be longer than MAXPGPATH, and we're not very clear on which.
Worse, the recursive rule that paths are shorter than MAXPGPATH has
collapsed entirely, so that any reasoning on the assumption that the
input strings are shorter than MAXPGPATH is now suspect as can be.
So basically, I think that any argument that these changes make us
more secure against unwanted path truncation is just horsepucky.
There's no longer any clear understanding of the maximum supported
string length, and without global analysis of that you can't say
that truncation will never happen.
Perhaps there's an argument for trying to get rid of MAXPGPATH
altogether, replacing *all* of these fixed-length buffers with
psprintf-type coding. I kinda doubt it's worth the trouble,
but if somebody wants to work on it I wouldn't say no.
In the meantime, I think our response to GCC 8 should just be to
enable -Wno-format-truncation. Certainly so in the back branches.
There isn't one of these changes that is actually fixing a bug,
which to me says that that warning is unhelpful.
regards, tom lane
Hi,
On 2018-04-28 12:16:39 -0400, Tom Lane wrote:
-SharedFilePath(char *path, SharedFileSet *fileset, const char *name) +SharedFilePath(char *path, size_t size, SharedFileSet *fileset, const char *name) { - char dirpath[MAXPGPATH]; + char dirpath[MAXPGPATH + 100];- SharedFileSetPath(dirpath, fileset, ChooseTablespace(fileset, name)); - snprintf(path, MAXPGPATH, "%s/%s", dirpath, name); + SharedFileSetPath(dirpath, sizeof(dirpath), fileset, ChooseTablespace(fileset, name)); + snprintf(path, size, "%s/%s", dirpath, name); }we basically haven't got any coherent strategy at all, other than
"whack it till GCC 8 stops complaining". Some of these strings
might be longer than MAXPGPATH, and we're not very clear on which.
Worse, the recursive rule that paths are shorter than MAXPGPATH has
collapsed entirely, so that any reasoning on the assumption that the
input strings are shorter than MAXPGPATH is now suspect as can be.
So basically, I think that any argument that these changes make us
more secure against unwanted path truncation is just horsepucky.
There's no longer any clear understanding of the maximum supported
string length, and without global analysis of that you can't say
that truncation will never happen.
+1
Perhaps there's an argument for trying to get rid of MAXPGPATH
altogether, replacing *all* of these fixed-length buffers with
psprintf-type coding. I kinda doubt it's worth the trouble,
but if somebody wants to work on it I wouldn't say no.
Same.
In the meantime, I think our response to GCC 8 should just be to
enable -Wno-format-truncation. Certainly so in the back branches.
There isn't one of these changes that is actually fixing a bug,
which to me says that that warning is unhelpful.
Agreed. Or at least turn down its aggressiveness to the cases where it's
actually sure truncation happens.
Greetings,
Andres Freund
Andres Freund <andres@anarazel.de> writes:
On 2018-04-28 12:16:39 -0400, Tom Lane wrote:
In the meantime, I think our response to GCC 8 should just be to
enable -Wno-format-truncation. Certainly so in the back branches.
There isn't one of these changes that is actually fixing a bug,
which to me says that that warning is unhelpful.
Agreed. Or at least turn down its aggressiveness to the cases where it's
actually sure truncation happens.
I got around to poking into this today. Unfortunately, it doesn't seem
that there's any more-conservative level of -Wformat-truncation available.
Likewise for -Wstringop-truncation, which is the other rich new source
of useless warnings (it appears to be predicated on the assumption that
you never actually want the defined semantics of strncpy). Hence,
I propose the attached patch to disable these warnings if the compiler
knows the switch for them. I did not turn them off for CXX though;
anyone think there's a need to?
Testing with Fedora 28's gcc (currently 8.1.1), this leaves three new
warnings, which seem worth fixing. Two of them are gratuitous use of
strncpy where memcpy would serve, in ecpg, and one is an sprintf in
pg_waldump that should be snprintf for safety's sake:
common.c: In function 'pgtypes_fmt_replace':
common.c:48:5: warning: 'strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
strncpy(*output, replace_val.str_val, i + 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
common.c:42:8: note: length computed here
i = strlen(replace_val.str_val);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'get_char_item',
inlined from 'ECPGget_desc' at descriptor.c:334:10:
descriptor.c:221:6: warning: 'strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
strncpy(variable->arr, value, strlen(value));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compat.c: In function 'timestamptz_to_str':
compat.c:61:19: warning: '%06d' directive writing between 6 and 7 bytes into a region of size between 0 and 128 [-Wformat-overflow=]
sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
^~~~
compat.c:61:15: note: directive argument in the range [-999999, 999999]
sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
^~~~~~~~~~~~
compat.c:61:2: note: 'sprintf' output between 9 and 266 bytes into a destination of size 129
sprintf(buf, "%s.%06d %s", ts, (int) (dt % USECS_PER_SEC), zone);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Probably all of this ought to be back-patched as applicable, since
people will doubtless try to compile back branches with gcc 8.
regards, tom lane
Attachments:
no-truncation-warnings.patchtext/x-diff; charset=us-ascii; name=no-truncation-warnings.patchDownload
diff --git a/configure.in b/configure.in
index 862d8b128d..dae29a4ab1 100644
--- a/configure.in
+++ b/configure.in
@@ -502,6 +502,15 @@ if test "$GCC" = yes -a "$ICC" = no; then
if test -n "$NOT_THE_CFLAGS"; then
CFLAGS="$CFLAGS -Wno-unused-command-line-argument"
fi
+ # Similarly disable useless truncation warnings from gcc 8+
+ PGAC_PROG_CC_VAR_OPT(NOT_THE_CFLAGS, [-Wformat-truncation])
+ if test -n "$NOT_THE_CFLAGS"; then
+ CFLAGS="$CFLAGS -Wno-format-truncation"
+ fi
+ PGAC_PROG_CC_VAR_OPT(NOT_THE_CFLAGS, [-Wstringop-truncation])
+ if test -n "$NOT_THE_CFLAGS"; then
+ CFLAGS="$CFLAGS -Wno-stringop-truncation"
+ fi
elif test "$ICC" = yes; then
# Intel's compiler has a bug/misoptimization in checking for
# division by NAN (NaN == 0), -mp1 fixes it, so add it to the CFLAGS.
Hi,
On 2018-06-16 13:29:55 -0400, Tom Lane wrote:
I propose the attached patch to disable these warnings if the compiler
knows the switch for them. I did not turn them off for CXX though;
anyone think there's a need to?
No, not for now. I don't think it's likely that the amount of C++ will
grow significantly anytime soon. And it seems unlikely that the llvm
interfacing code will use C stringops. Not that I think it'd hurt much
to add it.
Probably all of this ought to be back-patched as applicable, since
people will doubtless try to compile back branches with gcc 8.
Yea, It's already pretty annoying.
diff --git a/configure.in b/configure.in index 862d8b128d..dae29a4ab1 100644 --- a/configure.in +++ b/configure.in @@ -502,6 +502,15 @@ if test "$GCC" = yes -a "$ICC" = no; then if test -n "$NOT_THE_CFLAGS"; then CFLAGS="$CFLAGS -Wno-unused-command-line-argument" fi + # Similarly disable useless truncation warnings from gcc 8+ + PGAC_PROG_CC_VAR_OPT(NOT_THE_CFLAGS, [-Wformat-truncation]) + if test -n "$NOT_THE_CFLAGS"; then + CFLAGS="$CFLAGS -Wno-format-truncation" + fi + PGAC_PROG_CC_VAR_OPT(NOT_THE_CFLAGS, [-Wstringop-truncation]) + if test -n "$NOT_THE_CFLAGS"; then + CFLAGS="$CFLAGS -Wno-stringop-truncation" + fi
I've not had a lot of coffee yet this morning, but couldn't there be an
issue where a compiler supported one of these flags? Because
NOT_THE_CFLAGS is reused, it'd trigger lateron as well, right? Seems to
me we'd need to reset it.
Greetings,
Andres Freund
Andres Freund <andres@anarazel.de> writes:
On 2018-06-16 13:29:55 -0400, Tom Lane wrote:
+ # Similarly disable useless truncation warnings from gcc 8+ + PGAC_PROG_CC_VAR_OPT(NOT_THE_CFLAGS, [-Wformat-truncation]) + if test -n "$NOT_THE_CFLAGS"; then + CFLAGS="$CFLAGS -Wno-format-truncation" + fi + PGAC_PROG_CC_VAR_OPT(NOT_THE_CFLAGS, [-Wstringop-truncation]) + if test -n "$NOT_THE_CFLAGS"; then + CFLAGS="$CFLAGS -Wno-stringop-truncation" + fi
I've not had a lot of coffee yet this morning, but couldn't there be an
issue where a compiler supported one of these flags? Because
NOT_THE_CFLAGS is reused, it'd trigger lateron as well, right? Seems to
me we'd need to reset it.
Yeah, I found that out as soon as I checked this on another platform ;-).
Will fix.
regards, tom lane