Work around a subtle portability problem in use of printf %s format.

tglsfdc · tglsfdc · commit 54cd4f045768 · 2010-05-08T16:39:53.000Z
Depending on which spec you read, field widths and precisions in %s may be
counted either in bytes or characters.  Our code was assuming bytes, which
is wrong at least for glibc's implementation, and in any case libc might
have a different idea of the prevailing encoding than we do.  Hence, for
portable results we must avoid using anything more complex than just "%s"
unless the string to be printed is known to be all-ASCII.

This patch fixes the cases I could find, including the psql formatting
failure reported by Hernan Gonzalez.  In HEAD only, I also added comments
to some places where it appears safe to continue using "%.*s".
diff --git a/src/backend/lib/stringinfo.c b/src/backend/lib/stringinfo.c
@@ -9,7 +9,7 @@
  * Portions Copyright (c) 1996-2010, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- *	  $PostgreSQL: pgsql/src/backend/lib/stringinfo.c,v 1.52 2010/01/02 16:57:45 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/lib/stringinfo.c,v 1.53 2010/05/08 16:39:49 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -226,7 +226,8 @@ appendBinaryStringInfo(StringInfo str, const char *data, int datalen)
 
 	/*
 	 * Keep a trailing null in place, even though it's probably useless for
-	 * binary data...
+	 * binary data.  (Some callers are dealing with text but call this
+	 * because their input isn't null-terminated.)
 	 */
 	str->data[str->len] = '\0';
 }
diff --git a/src/backend/parser/scansup.c b/src/backend/parser/scansup.c
@@ -9,7 +9,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/parser/scansup.c,v 1.39 2010/01/02 16:57:50 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/parser/scansup.c,v 1.40 2010/05/08 16:39:49 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -176,10 +176,20 @@ truncate_identifier(char *ident, int len, bool warn)
 	{
 		len = pg_mbcliplen(ident, len, NAMEDATALEN - 1);
 		if (warn)
+		{
+			/*
+			 * Cannot use %.*s here because some machines interpret %s's
+			 * precision in characters, others in bytes.
+			 */
+			char	buf[NAMEDATALEN];
+
+			memcpy(buf, ident, len);
+			buf[len] = '\0';
 			ereport(NOTICE,
 					(errcode(ERRCODE_NAME_TOO_LONG),
-					 errmsg("identifier \"%s\" will be truncated to \"%.*s\"",
-							ident, len, ident)));
+					 errmsg("identifier \"%s\" will be truncated to \"%s\"",
+							ident, buf)));
+		}
 		ident[len] = '\0';
 	}
 }
diff --git a/src/backend/tsearch/wparser_def.c b/src/backend/tsearch/wparser_def.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/tsearch/wparser_def.c,v 1.30 2010/04/28 02:04:16 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/tsearch/wparser_def.c,v 1.31 2010/05/08 16:39:49 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -322,6 +322,12 @@ TParserInit(char *str, int len)
 	prs->state->state = TPS_Base;
 
 #ifdef WPARSER_TRACE
+	/*
+	 * Use of %.*s here is not portable when the string contains multibyte
+	 * characters: some machines interpret the length in characters, others
+	 * in bytes.  Since it's only a debugging aid, we haven't bothered to
+	 * fix this.
+	 */
 	fprintf(stderr, "parsing \"%.*s\"\n", len, str);
 #endif
 
@@ -361,6 +367,7 @@ TParserCopyInit(const TParser *orig)
 	prs->state->state = TPS_Base;
 
 #ifdef WPARSER_TRACE
+	/* See note above about %.*s */
 	fprintf(stderr, "parsing copy of \"%.*s\"\n", prs->lenstr, prs->str);
 #endif
 
diff --git a/src/backend/utils/adt/datetime.c b/src/backend/utils/adt/datetime.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/adt/datetime.c,v 1.210 2010/01/02 16:57:53 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/adt/datetime.c,v 1.211 2010/05/08 16:39:51 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -3740,6 +3740,14 @@ EncodeDateTime(struct pg_tm * tm, fsec_t fsec, int *tzp, char **tzn, int style,
 
 			AppendTimestampSeconds(str + strlen(str), tm, fsec);
 
+			/*
+			 * Note: the uses of %.*s in this function would be unportable
+			 * if the timezone names ever contain non-ASCII characters,
+			 * since some platforms think the string length is measured
+			 * in characters not bytes.  However, all TZ abbreviations in
+			 * the Olson database are plain ASCII.
+			 */
+
 			if (tzp != NULL && tm->tm_isdst >= 0)
 			{
 				if (*tzn != NULL)
@@ -4091,6 +4099,7 @@ CheckDateTokenTable(const char *tablename, const datetkn *base, int nel)
 	{
 		if (strncmp(base[i - 1].token, base[i].token, TOKMAXLEN) >= 0)
 		{
+			/* %.*s is safe since all our tokens are ASCII */
 			elog(LOG, "ordering error in %s table: \"%.*s\" >= \"%.*s\"",
 				 tablename,
 				 TOKMAXLEN, base[i - 1].token,
diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c
@@ -42,7 +42,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/error/elog.c,v 1.223 2010/02/26 02:01:12 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/error/elog.c,v 1.224 2010/05/08 16:39:51 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1871,7 +1871,7 @@ log_line_prefix(StringInfo buf, ErrorData *edata)
 					int			displen;
 
 					psdisp = get_ps_display(&displen);
-					appendStringInfo(buf, "%.*s", displen, psdisp);
+					appendBinaryStringInfo(buf, psdisp, displen);
 				}
 				break;
 			case 'r':
@@ -2029,7 +2029,7 @@ write_csvlog(ErrorData *edata)
 		initStringInfo(&msgbuf);
 
 		psdisp = get_ps_display(&displen);
-		appendStringInfo(&msgbuf, "%.*s", displen, psdisp);
+		appendBinaryStringInfo(&msgbuf, psdisp, displen);
 		appendCSVLiteral(&buf, msgbuf.data);
 
 		pfree(msgbuf.data);
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2000-2010, PostgreSQL Global Development Group
  *
- * $PostgreSQL: pgsql/src/bin/psql/command.c,v 1.218 2010/04/03 20:55:57 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/psql/command.c,v 1.219 2010/05/08 16:39:51 tgl Exp $
  */
 #include "postgres_fe.h"
 #include "command.h"
@@ -651,6 +651,13 @@ exec_command(const char *cmd,
 	{
 		char	   *opt = psql_scan_slash_option(scan_state,
 												 OT_WHOLE_LINE, NULL, false);
+		size_t		len;
+
+		/* strip any trailing spaces and semicolons */
+		len = strlen(opt);
+		while (len > 0 &&
+			   (isspace((unsigned char) opt[len - 1]) || opt[len - 1] == ';'))
+			opt[--len] = '\0';
 
 		helpSQL(opt, pset.popt.topt.pager);
 		free(opt);
diff --git a/src/bin/psql/help.c b/src/bin/psql/help.c
@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2000-2010, PostgreSQL Global Development Group
  *
- * $PostgreSQL: pgsql/src/bin/psql/help.c,v 1.157 2010/03/07 17:02:34 mha Exp $
+ * $PostgreSQL: pgsql/src/bin/psql/help.c,v 1.158 2010/05/08 16:39:51 tgl Exp $
  */
 #include "postgres_fe.h"
 
@@ -284,6 +284,7 @@ slashUsage(unsigned short int pager)
 /*
  * helpSQL -- help with SQL commands
  *
+ * Note: we assume caller removed any trailing spaces in "topic".
  */
 void
 helpSQL(const char *topic, unsigned short int pager)
@@ -352,17 +353,16 @@ helpSQL(const char *topic, unsigned short int pager)
 					wordlen;
 		int			nl_count = 0;
 
-		/* User gets two chances: exact match, then the first word */
-
-		/* First pass : strip trailing spaces and semicolons */
+		/*
+		 * We first try exact match, then first + second words, then first
+		 * word only.
+		 */
 		len = strlen(topic);
-		while (topic[len - 1] == ' ' || topic[len - 1] == ';')
-			len--;
 
-		for (x = 1; x <= 3; x++)	/* Three chances to guess that word... */
+		for (x = 1; x <= 3; x++)
 		{
 			if (x > 1)			/* Nothing on first pass - try the opening
-								 * words */
+								 * word(s) */
 			{
 				wordlen = j = 1;
 				while (topic[j] != ' ' && j++ < len)
@@ -423,7 +423,7 @@ helpSQL(const char *topic, unsigned short int pager)
 		}
 
 		if (!help_found)
-			fprintf(output, _("No help available for \"%-.*s\".\nTry \\h with no arguments to see available help.\n"), (int) len, topic);
+			fprintf(output, _("No help available for \"%s\".\nTry \\h with no arguments to see available help.\n"), topic);
 
 		/* Only close if we used the pager */
 		if (output != stdout)
diff --git a/src/bin/psql/print.c b/src/bin/psql/print.c
@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2000-2010, PostgreSQL Global Development Group
  *
- * $PostgreSQL: pgsql/src/bin/psql/print.c,v 1.124 2010/03/01 21:27:26 heikki Exp $
+ * $PostgreSQL: pgsql/src/bin/psql/print.c,v 1.125 2010/05/08 16:39:52 tgl Exp $
  */
 #include "postgres_fe.h"
 
@@ -252,6 +252,20 @@ format_numeric_locale(const char *my_str)
 }
 
 
+/*
+ * fputnbytes: print exactly N bytes to a file
+ *
+ * Think not to use fprintf with a %.*s format for this.  Some machines
+ * believe %s's precision is measured in characters, others in bytes.
+ */
+static void
+fputnbytes(FILE *f, const char *str, size_t n)
+{
+	while (n-- > 0)
+		fputc(*str++, f);
+}
+
+
 /*************************/
 /* Unaligned text		 */
 /*************************/
@@ -913,14 +927,16 @@ print_aligned_text(const printTableContent *cont, FILE *fout)
 					{
 						/* spaces first */
 						fprintf(fout, "%*s", width_wrap[j] - chars_to_output, "");
-						fprintf(fout, "%.*s", bytes_to_output,
-								this_line->ptr + bytes_output[j]);
+						fputnbytes(fout,
+								   this_line->ptr + bytes_output[j],
+								   bytes_to_output);
 					}
 					else	/* Left aligned cell */
 					{
 						/* spaces second */
-						fprintf(fout, "%.*s", bytes_to_output,
-								this_line->ptr + bytes_output[j]);
+						fputnbytes(fout,
+								   this_line->ptr + bytes_output[j],
+								   bytes_to_output);
 					}
 
 					bytes_output[j] += bytes_to_output;
diff --git a/src/interfaces/ecpg/ecpglib/error.c b/src/interfaces/ecpg/ecpglib/error.c
@@ -1,4 +1,4 @@
-/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/error.c,v 1.25 2010/03/08 12:15:24 meskes Exp $ */
+/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/error.c,v 1.26 2010/05/08 16:39:52 tgl Exp $ */
 
 #define POSTGRES_ECPG_INTERNAL
 #include "postgres_fe.h"
@@ -332,6 +332,7 @@ ecpg_raise_backend(int line, PGresult *result, PGconn *conn, int compat)
 	else
 		sqlca->sqlcode = ECPG_PGSQL;
 
+	/* %.*s is safe here as long as sqlstate is all-ASCII */
 	ecpg_log("raising sqlstate %.*s (sqlcode %d): %s\n",
 			 sizeof(sqlca->sqlstate), sqlca->sqlstate, sqlca->sqlcode, sqlca->sqlerrm.sqlerrmc);
 
diff --git a/src/interfaces/ecpg/pgtypeslib/dt_common.c b/src/interfaces/ecpg/pgtypeslib/dt_common.c
@@ -1,4 +1,4 @@
-/* $PostgreSQL: pgsql/src/interfaces/ecpg/pgtypeslib/dt_common.c,v 1.51 2009/06/11 14:49:13 momjian Exp $ */
+/* $PostgreSQL: pgsql/src/interfaces/ecpg/pgtypeslib/dt_common.c,v 1.52 2010/05/08 16:39:52 tgl Exp $ */
 
 #include "postgres_fe.h"
 
@@ -855,6 +855,14 @@ EncodeDateTime(struct tm * tm, fsec_t fsec, int *tzp, char **tzn, int style, cha
 			if (tm->tm_year <= 0)
 				sprintf(str + strlen(str), " BC");
 
+			/*
+			 * Note: the uses of %.*s in this function would be unportable
+			 * if the timezone names ever contain non-ASCII characters,
+			 * since some platforms think the string length is measured
+			 * in characters not bytes.  However, all TZ abbreviations in
+			 * the Olson database are plain ASCII.
+			 */
+
 			if (tzp != NULL && tm->tm_isdst >= 0)
 			{
 				if (*tzn != NULL)
diff --git a/src/interfaces/libpq/fe-misc.c b/src/interfaces/libpq/fe-misc.c
@@ -23,7 +23,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-misc.c,v 1.141 2010/01/02 16:58:12 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-misc.c,v 1.142 2010/05/08 16:39:53 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -67,6 +67,20 @@ static int pqSocketCheck(PGconn *conn, int forRead, int forWrite,
 static int	pqSocketPoll(int sock, int forRead, int forWrite, time_t end_time);
 
 
+/*
+ * fputnbytes: print exactly N bytes to a file
+ *
+ * Think not to use fprintf with a %.*s format for this.  Some machines
+ * believe %s's precision is measured in characters, others in bytes.
+ */
+static void
+fputnbytes(FILE *f, const char *str, size_t n)
+{
+	while (n-- > 0)
+		fputc(*str++, f);
+}
+
+
 /*
  * pqGetc: get 1 character from the connection
  *
@@ -187,8 +201,11 @@ pqGetnchar(char *s, size_t len, PGconn *conn)
 	conn->inCursor += len;
 
 	if (conn->Pfdebug)
-		fprintf(conn->Pfdebug, "From backend (%lu)> %.*s\n",
-				(unsigned long) len, (int) len, s);
+	{
+		fprintf(conn->Pfdebug, "From backend (%lu)> ", (unsigned long) len);
+		fputnbytes(conn->Pfdebug, s, len);
+		fprintf(conn->Pfdebug, "\n");
+	}
 
 	return 0;
 }
@@ -204,7 +221,11 @@ pqPutnchar(const char *s, size_t len, PGconn *conn)
 		return EOF;
 
 	if (conn->Pfdebug)
-		fprintf(conn->Pfdebug, "To backend> %.*s\n", (int) len, s);
+	{
+		fprintf(conn->Pfdebug, "To backend> ");
+		fputnbytes(conn->Pfdebug, s, len);
+		fprintf(conn->Pfdebug, "\n");
+	}
 
 	return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`* Portions Copyright (c) 1996-2010, PostgreSQL Global Development Group`
`10`	`10`	`* Portions Copyright (c) 1994, Regents of the University of California`
`11`	`11`	`*`
`12`		`- * $PostgreSQL: pgsql/src/backend/lib/stringinfo.c,v 1.52 2010/01/02 16:57:45 momjian Exp $`
	`12`	`+ * $PostgreSQL: pgsql/src/backend/lib/stringinfo.c,v 1.53 2010/05/08 16:39:49 tgl Exp $`
`13`	`13`	`*`
`14`	`14`	`*-------------------------------------------------------------------------`
`15`	`15`	`*/`
`@@ -226,7 +226,8 @@ appendBinaryStringInfo(StringInfo str, const char *data, int datalen)`
`226`	`226`
`227`	`227`	`/*`
`228`	`228`	`* Keep a trailing null in place, even though it's probably useless for`
`229`		`- * binary data...`
	`229`	`+ * binary data. (Some callers are dealing with text but call this`
	`230`	`+ * because their input isn't null-terminated.)`
`230`	`231`	`*/`
`231`	`232`	`str->data[str->len] = '\0';`
`232`	`233`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/utils/adt/datetime.c,v 1.210 2010/01/02 16:57:53 momjian Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/utils/adt/datetime.c,v 1.211 2010/05/08 16:39:51 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -3740,6 +3740,14 @@ EncodeDateTime(struct pg_tm * tm, fsec_t fsec, int tzp, char *tzn, int style,`
`3740`	`3740`
`3741`	`3741`	`AppendTimestampSeconds(str + strlen(str), tm, fsec);`
`3742`	`3742`
	`3743`	`+ /*`
	`3744`	`+ * Note: the uses of %.*s in this function would be unportable`
	`3745`	`+ * if the timezone names ever contain non-ASCII characters,`
	`3746`	`+ * since some platforms think the string length is measured`
	`3747`	`+ * in characters not bytes. However, all TZ abbreviations in`
	`3748`	`+ * the Olson database are plain ASCII.`
	`3749`	`+ */`
	`3750`	`+`
`3743`	`3751`	`if (tzp != NULL && tm->tm_isdst >= 0)`
`3744`	`3752`	`{`
`3745`	`3753`	`if (*tzn != NULL)`
`@@ -4091,6 +4099,7 @@ CheckDateTokenTable(const char tablename, const datetkn base, int nel)`
`4091`	`4099`	`{`
`4092`	`4100`	`if (strncmp(base[i - 1].token, base[i].token, TOKMAXLEN) >= 0)`
`4093`	`4101`	`{`
	`4102`	`+ /* %.s is safe since all our tokens are ASCII /`
`4094`	`4103`	`elog(LOG, "ordering error in %s table: \"%.s\" >= \"%.s\"",`
`4095`	`4104`	`tablename,`
`4096`	`4105`	`TOKMAXLEN, base[i - 1].token,`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@`
`42`	`42`	`*`
`43`	`43`	`*`
`44`	`44`	`* IDENTIFICATION`
`45`		`- * $PostgreSQL: pgsql/src/backend/utils/error/elog.c,v 1.223 2010/02/26 02:01:12 momjian Exp $`
	`45`	`+ * $PostgreSQL: pgsql/src/backend/utils/error/elog.c,v 1.224 2010/05/08 16:39:51 tgl Exp $`
`46`	`46`	`*`
`47`	`47`	`*-------------------------------------------------------------------------`
`48`	`48`	`*/`
`@@ -1871,7 +1871,7 @@ log_line_prefix(StringInfo buf, ErrorData *edata)`
`1871`	`1871`	`int displen;`
`1872`	`1872`
`1873`	`1873`	`psdisp = get_ps_display(&displen);`
`1874`		`- appendStringInfo(buf, "%.*s", displen, psdisp);`
	`1874`	`+ appendBinaryStringInfo(buf, psdisp, displen);`
`1875`	`1875`	`}`
`1876`	`1876`	`break;`
`1877`	`1877`	`case 'r':`
`@@ -2029,7 +2029,7 @@ write_csvlog(ErrorData *edata)`
`2029`	`2029`	`initStringInfo(&msgbuf);`
`2030`	`2030`
`2031`	`2031`	`psdisp = get_ps_display(&displen);`
`2032`		`- appendStringInfo(&msgbuf, "%.*s", displen, psdisp);`
	`2032`	`+ appendBinaryStringInfo(&msgbuf, psdisp, displen);`
`2033`	`2033`	`appendCSVLiteral(&buf, msgbuf.data);`
`2034`	`2034`
`2035`	`2035`	`pfree(msgbuf.data);`