Fix more format truncation issues

petere · petere · commit 3a4b891964a5 · 2018-03-15T11:41:42.000-04:00
Fix the warnings created by the compiler warning options -Wformat-overflow=2 -Wformat-truncation=2, supported since GCC 7. This is a more aggressive variant of the fixes in 6275f5d, which GCC 7 warned about by default. The issues are all harmless, but some dubious coding patterns are cleaned up. One issue that is of external interest is that BGW_MAXLEN is increased from 64 to 96. Apparently, the old value would cause the bgw_name of logical replication workers to be truncated in some circumstances. But this doesn't actually add those warning options. It appears that the warnings depend a bit on compilation and optimization options, so it would be annoying to have to keep up with that. This is more of a once-in-a-while cleanup. Reviewed-by: Michael Paquier <michael@paquier.xyz>
diff --git a/contrib/pgstattuple/pgstattuple.c b/contrib/pgstattuple/pgstattuple.c
@@ -89,7 +89,7 @@ static Datum
 build_pgstattuple_type(pgstattuple_type *stat, FunctionCallInfo fcinfo)
 {
 #define NCOLUMNS	9
-#define NCHARS		32
+#define NCHARS		314
 
 	HeapTuple	tuple;
 	char	   *values[NCOLUMNS];
diff --git a/src/backend/commands/explain.c b/src/backend/commands/explain.c
@@ -3337,10 +3337,11 @@ void
 ExplainPropertyFloat(const char *qlabel, double value, int ndigits,
 					 ExplainState *es)
 {
-	char		buf[256];
+	char	   *buf;
 
-	snprintf(buf, sizeof(buf), "%.*f", ndigits, value);
+	buf = psprintf("%.*f", ndigits, value);
 	ExplainProperty(qlabel, buf, true, es);
+	pfree(buf);
 }
 
 /*
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
@@ -1013,7 +1013,7 @@ static const char *
 SSLerrmessage(unsigned long ecode)
 {
 	const char *errreason;
-	static char errbuf[32];
+	static char errbuf[36];
 
 	if (ecode == 0)
 		return _("no SSL error reported");
diff --git a/src/backend/utils/adt/dbsize.c b/src/backend/utils/adt/dbsize.c
@@ -86,7 +86,7 @@ calculate_database_size(Oid dbOid)
 	DIR		   *dirdesc;
 	struct dirent *direntry;
 	char		dirpath[MAXPGPATH];
-	char		pathname[MAXPGPATH + 12 + sizeof(TABLESPACE_VERSION_DIRECTORY)];
+	char		pathname[MAXPGPATH + 21 + sizeof(TABLESPACE_VERSION_DIRECTORY)];
 	AclResult	aclresult;
 
 	/*
diff --git a/src/backend/utils/adt/float.c b/src/backend/utils/adt/float.c
@@ -44,10 +44,6 @@ static const uint32 nan[2] = {0xffffffff, 0x7fffffff};
 #define NAN (*(const double *) nan)
 #endif
 
-/* not sure what the following should be, but better to make it over-sufficient */
-#define MAXFLOATWIDTH	64
-#define MAXDOUBLEWIDTH	128
-
 /*
  * check to see if a float4/8 val has underflowed or overflowed
  */
@@ -360,18 +356,18 @@ Datum
 float4out(PG_FUNCTION_ARGS)
 {
 	float4		num = PG_GETARG_FLOAT4(0);
-	char	   *ascii = (char *) palloc(MAXFLOATWIDTH + 1);
+	char	   *ascii;
 
 	if (isnan(num))
-		PG_RETURN_CSTRING(strcpy(ascii, "NaN"));
+		PG_RETURN_CSTRING(pstrdup("NaN"));
 
 	switch (is_infinite(num))
 	{
 		case 1:
-			strcpy(ascii, "Infinity");
+			ascii = pstrdup("Infinity");
 			break;
 		case -1:
-			strcpy(ascii, "-Infinity");
+			ascii = pstrdup("-Infinity");
 			break;
 		default:
 			{
@@ -380,7 +376,7 @@ float4out(PG_FUNCTION_ARGS)
 				if (ndig < 1)
 					ndig = 1;
 
-				snprintf(ascii, MAXFLOATWIDTH + 1, "%.*g", ndig, num);
+				ascii = psprintf("%.*g", ndig, num);
 			}
 	}
 
@@ -596,18 +592,18 @@ float8out(PG_FUNCTION_ARGS)
 char *
 float8out_internal(double num)
 {
-	char	   *ascii = (char *) palloc(MAXDOUBLEWIDTH + 1);
+	char	   *ascii;
 
 	if (isnan(num))
-		return strcpy(ascii, "NaN");
+		return pstrdup("NaN");
 
 	switch (is_infinite(num))
 	{
 		case 1:
-			strcpy(ascii, "Infinity");
+			ascii = pstrdup("Infinity");
 			break;
 		case -1:
-			strcpy(ascii, "-Infinity");
+			ascii = pstrdup("-Infinity");
 			break;
 		default:
 			{
@@ -616,7 +612,7 @@ float8out_internal(double num)
 				if (ndig < 1)
 					ndig = 1;
 
-				snprintf(ascii, MAXDOUBLEWIDTH + 1, "%.*g", ndig, num);
+				ascii = psprintf("%.*g", ndig, num);
 			}
 	}
 
diff --git a/src/backend/utils/adt/formatting.c b/src/backend/utils/adt/formatting.c
@@ -117,13 +117,6 @@
 #define DCH_MAX_ITEM_SIZ	   12	/* max localized day name		*/
 #define NUM_MAX_ITEM_SIZ		8	/* roman number (RN has 15 chars)	*/
 
-/* ----------
- * More is in float.c
- * ----------
- */
-#define MAXFLOATWIDTH	60
-#define MAXDOUBLEWIDTH	500
-
 
 /* ----------
  * Format parser structs
@@ -3911,9 +3904,7 @@ do_to_timestamp(text *date_txt, text *fmt,
 			tmfc.tzm < 0 || tmfc.tzm >= MINS_PER_HOUR)
 			DateTimeParseError(DTERR_TZDISP_OVERFLOW, date_str, "timestamp");
 
-		tz = palloc(7);
-
-		snprintf(tz, 7, "%c%02d:%02d",
+		tz = psprintf("%c%02d:%02d",
 				 tmfc.tzsign > 0 ? '+' : '-', tmfc.tzh, tmfc.tzm);
 
 		tm->tm_zone = tz;
@@ -4135,7 +4126,7 @@ int_to_roman(int number)
 				num = 0;
 	char	   *p = NULL,
 			   *result,
-				numstr[5];
+				numstr[12];
 
 	result = (char *) palloc(16);
 	*result = '\0';
@@ -5441,8 +5432,7 @@ int4_to_char(PG_FUNCTION_ARGS)
 		/* we can do it easily because float8 won't lose any precision */
 		float8		val = (float8) value;
 
-		orgnum = (char *) palloc(MAXDOUBLEWIDTH + 1);
-		snprintf(orgnum, MAXDOUBLEWIDTH + 1, "%+.*e", Num.post, val);
+		orgnum = (char *) psprintf("%+.*e", Num.post, val);
 
 		/*
 		 * Swap a leading positive sign for a space.
@@ -5641,7 +5631,6 @@ float4_to_char(PG_FUNCTION_ARGS)
 		numstr = orgnum = int_to_roman((int) rint(value));
 	else if (IS_EEEE(&Num))
 	{
-		numstr = orgnum = (char *) palloc(MAXDOUBLEWIDTH + 1);
 		if (isnan(value) || is_infinite(value))
 		{
 			/*
@@ -5655,7 +5644,7 @@ float4_to_char(PG_FUNCTION_ARGS)
 		}
 		else
 		{
-			snprintf(orgnum, MAXDOUBLEWIDTH + 1, "%+.*e", Num.post, value);
+			numstr = orgnum = psprintf("%+.*e", Num.post, value);
 
 			/*
 			 * Swap a leading positive sign for a space.
@@ -5679,16 +5668,15 @@ float4_to_char(PG_FUNCTION_ARGS)
 			Num.pre += Num.multi;
 		}
 
-		orgnum = (char *) palloc(MAXFLOATWIDTH + 1);
-		snprintf(orgnum, MAXFLOATWIDTH + 1, "%.0f", fabs(val));
+		orgnum = (char *) psprintf("%.0f", fabs(val));
 		numstr_pre_len = strlen(orgnum);
 
 		/* adjust post digits to fit max float digits */
 		if (numstr_pre_len >= FLT_DIG)
 			Num.post = 0;
 		else if (numstr_pre_len + Num.post > FLT_DIG)
 			Num.post = FLT_DIG - numstr_pre_len;
-		snprintf(orgnum, MAXFLOATWIDTH + 1, "%.*f", Num.post, val);
+		orgnum = psprintf("%.*f", Num.post, val);
 
 		if (*orgnum == '-')
 		{						/* < 0 */
@@ -5747,7 +5735,6 @@ float8_to_char(PG_FUNCTION_ARGS)
 		numstr = orgnum = int_to_roman((int) rint(value));
 	else if (IS_EEEE(&Num))
 	{
-		numstr = orgnum = (char *) palloc(MAXDOUBLEWIDTH + 1);
 		if (isnan(value) || is_infinite(value))
 		{
 			/*
@@ -5761,7 +5748,7 @@ float8_to_char(PG_FUNCTION_ARGS)
 		}
 		else
 		{
-			snprintf(orgnum, MAXDOUBLEWIDTH + 1, "%+.*e", Num.post, value);
+			numstr = orgnum = (char *) psprintf("%+.*e", Num.post, value);
 
 			/*
 			 * Swap a leading positive sign for a space.
@@ -5784,15 +5771,15 @@ float8_to_char(PG_FUNCTION_ARGS)
 			val = value * multi;
 			Num.pre += Num.multi;
 		}
-		orgnum = (char *) palloc(MAXDOUBLEWIDTH + 1);
-		numstr_pre_len = snprintf(orgnum, MAXDOUBLEWIDTH + 1, "%.0f", fabs(val));
+		orgnum = psprintf("%.0f", fabs(val));
+		numstr_pre_len = strlen(orgnum);
 
 		/* adjust post digits to fit max double digits */
 		if (numstr_pre_len >= DBL_DIG)
 			Num.post = 0;
 		else if (numstr_pre_len + Num.post > DBL_DIG)
 			Num.post = DBL_DIG - numstr_pre_len;
-		snprintf(orgnum, MAXDOUBLEWIDTH + 1, "%.*f", Num.post, val);
+		orgnum = psprintf("%.*f", Num.post, val);
 
 		if (*orgnum == '-')
 		{						/* < 0 */
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
@@ -10528,7 +10528,7 @@ check_cluster_name(char **newval, void **extra, GucSource source)
 static const char *
 show_unix_socket_permissions(void)
 {
-	static char buf[8];
+	static char buf[12];
 
 	snprintf(buf, sizeof(buf), "%04o", Unix_socket_permissions);
 	return buf;
@@ -10537,7 +10537,7 @@ show_unix_socket_permissions(void)
 static const char *
 show_log_file_mode(void)
 {
-	static char buf[8];
+	static char buf[12];
 
 	snprintf(buf, sizeof(buf), "%04o", Log_file_mode);
 	return buf;
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
@@ -1009,12 +1009,12 @@ static char *
 pretty_wal_size(int segment_count)
 {
 	int			sz = wal_segment_size_mb * segment_count;
-	char	   *result = pg_malloc(11);
+	char	   *result = pg_malloc(14);
 
 	if ((sz % 1024) == 0)
-		snprintf(result, 11, "%dGB", sz / 1024);
+		snprintf(result, 14, "%dGB", sz / 1024);
 	else
-		snprintf(result, 11, "%dMB", sz);
+		snprintf(result, 14, "%dMB", sz);
 
 	return result;
 }
diff --git a/src/bin/pg_dump/pg_backup_archiver.c b/src/bin/pg_dump/pg_backup_archiver.c
@@ -1532,7 +1532,7 @@ SetOutput(ArchiveHandle *AH, const char *filename, int compression)
 #ifdef HAVE_LIBZ
 	if (compression != 0)
 	{
-		char		fmode[10];
+		char		fmode[14];
 
 		/* Don't use PG_BINARY_x since this is zlib */
 		sprintf(fmode, "wb%d", compression);
diff --git a/src/bin/pg_dump/pg_backup_tar.c b/src/bin/pg_dump/pg_backup_tar.c
@@ -335,7 +335,7 @@ tarOpen(ArchiveHandle *AH, const char *filename, char mode)
 	TAR_MEMBER *tm;
 
 #ifdef HAVE_LIBZ
-	char		fmode[10];
+	char		fmode[14];
 #endif
 
 	if (mode == 'r')
diff --git a/src/bin/pgbench/pgbench.c b/src/bin/pgbench/pgbench.c
@@ -3591,7 +3591,7 @@ parseQuery(Command *cmd)
 	p = sql;
 	while ((p = strchr(p, ':')) != NULL)
 	{
-		char		var[12];
+		char		var[13];
 		char	   *name;
 		int			eaten;
 
@@ -5432,7 +5432,7 @@ threadRun(void *arg)
 							sqlat,
 							lag,
 							stdev;
-				char		tbuf[64];
+				char		tbuf[315];
 
 				/*
 				 * Add up the statistics of all threads.
diff --git a/src/include/postmaster/bgworker.h b/src/include/postmaster/bgworker.h
@@ -82,7 +82,7 @@ typedef enum
 
 #define BGW_DEFAULT_RESTART_INTERVAL	60
 #define BGW_NEVER_RESTART				-1
-#define BGW_MAXLEN						64
+#define BGW_MAXLEN						96
 #define BGW_EXTRALEN					128
 
 typedef struct BackgroundWorker
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
@@ -1436,7 +1436,7 @@ PQsslAttribute(PGconn *conn, const char *attribute_name)
 
 	if (strcmp(attribute_name, "key_bits") == 0)
 	{
-		static char sslbits_str[10];
+		static char sslbits_str[12];
 		int			sslbits;
 
 		SSL_get_cipher_bits(conn->ssl, &sslbits);
diff --git a/src/pl/tcl/pltcl.c b/src/pl/tcl/pltcl.c
@@ -1456,7 +1456,7 @@ compile_pltcl_function(Oid fn_oid, Oid tgreloid,
 		Datum		prosrcdatum;
 		bool		isnull;
 		char	   *proc_source;
-		char		buf[32];
+		char		buf[48];
 		Tcl_Interp *interp;
 		int			i;
 		int			tcl_rc;

Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ static Datum`
`89`	`89`	`build_pgstattuple_type(pgstattuple_type *stat, FunctionCallInfo fcinfo)`
`90`	`90`	`{`
`91`	`91`	`#define NCOLUMNS 9`
`92`		`-#define NCHARS 32`
	`92`	`+#define NCHARS 314`
`93`	`93`
`94`	`94`	`HeapTuple tuple;`
`95`	`95`	`char *values[NCOLUMNS];`
Original file line number	Diff line number	Diff line change
`@@ -3337,10 +3337,11 @@ void`
`3337`	`3337`	`ExplainPropertyFloat(const char *qlabel, double value, int ndigits,`
`3338`	`3338`	`ExplainState *es)`
`3339`	`3339`	`{`
`3340`		`- char buf[256];`
	`3340`	`+ char *buf;`
`3341`	`3341`
`3342`		`- snprintf(buf, sizeof(buf), "%.*f", ndigits, value);`
	`3342`	`+ buf = psprintf("%.*f", ndigits, value);`
`3343`	`3343`	`ExplainProperty(qlabel, buf, true, es);`
	`3344`	`+ pfree(buf);`
`3344`	`3345`	`}`
`3345`	`3346`
`3346`	`3347`	`/*`
Original file line number	Diff line number	Diff line change
`@@ -1013,7 +1013,7 @@ static const char *`
`1013`	`1013`	`SSLerrmessage(unsigned long ecode)`
`1014`	`1014`	`{`
`1015`	`1015`	`const char *errreason;`
`1016`		`- static char errbuf[32];`
	`1016`	`+ static char errbuf[36];`
`1017`	`1017`
`1018`	`1018`	`if (ecode == 0)`
`1019`	`1019`	`return _("no SSL error reported");`
Original file line number	Diff line number	Diff line change
`@@ -1009,12 +1009,12 @@ static char *`
`1009`	`1009`	`pretty_wal_size(int segment_count)`
`1010`	`1010`	`{`
`1011`	`1011`	`int sz = wal_segment_size_mb * segment_count;`
`1012`		`- char *result = pg_malloc(11);`
	`1012`	`+ char *result = pg_malloc(14);`
`1013`	`1013`
`1014`	`1014`	`if ((sz % 1024) == 0)`
`1015`		`- snprintf(result, 11, "%dGB", sz / 1024);`
	`1015`	`+ snprintf(result, 14, "%dGB", sz / 1024);`
`1016`	`1016`	`else`
`1017`		`- snprintf(result, 11, "%dMB", sz);`
	`1017`	`+ snprintf(result, 14, "%dMB", sz);`
`1018`	`1018`
`1019`	`1019`	`return result;`
`1020`	`1020`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1532,7 +1532,7 @@ SetOutput(ArchiveHandle AH, const char filename, int compression)`
`1532`	`1532`	`#ifdef HAVE_LIBZ`
`1533`	`1533`	`if (compression != 0)`
`1534`	`1534`	`{`
`1535`		`- char fmode[10];`
	`1535`	`+ char fmode[14];`
`1536`	`1536`
`1537`	`1537`	`/* Don't use PG_BINARY_x since this is zlib */`
`1538`	`1538`	`sprintf(fmode, "wb%d", compression);`
Original file line number	Diff line number	Diff line change
`@@ -1436,7 +1436,7 @@ PQsslAttribute(PGconn conn, const char attribute_name)`
`1436`	`1436`
`1437`	`1437`	`if (strcmp(attribute_name, "key_bits") == 0)`
`1438`	`1438`	`{`
`1439`		`- static char sslbits_str[10];`
	`1439`	`+ static char sslbits_str[12];`
`1440`	`1440`	`int sslbits;`
`1441`	`1441`
`1442`	`1442`	`SSL_get_cipher_bits(conn->ssl, &sslbits);`