On Thu, Apr 2, 2026 at 2:22 PM Tom Lane <[email protected]> wrote:
> Looking again at astreamer_tar.c, I suddenly realized that it doesn't
> do any meaningful input validation. So if you feed it junk input,
> you get garbage errors that aren't even predictable:

Wow.

> So I think we need something like the attached, in addition
> to what I sent before. This just makes astreamer_tar.c use
> the isValidTarHeader function that pg_dump already had.
> (I decided to const-ify isValidTarHeader's argument while
> moving it to a shared location, which in turn requires
> const-ifying tarChecksum.)

LGTM.

$ echo -n x | dd of=foo.tar bs=1 seek=257 count=1 conv=notrunc
$ strings foo.tar | grep tar | head -1
xstar
$ pg_waldump --path=foo.tar -s 0/1 -e 0/100
pg_waldump: error: input file does not appear to be a valid tar archive
$ echo -n u | dd of=foo.tar bs=1 seek=257 count=1 conv=notrunc
$ strings foo.tar | grep tar | head -1
ustar
$ pg_waldump --path=foo.tar -s 0/1 -e 0/100
... other output...
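Added example, not part of the original message and not PostgreSQL's code: a minimal sketch of the kind of check being discussed, rejecting a 512-byte block unless its stored checksum matches and the "ustar" magic sits at offset 257 (the byte the dd commands above patch). The names header_looks_valid, tar_checksum, parse_octal and make_sample_header are hypothetical, and the sample header is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { BLOCK = 512, OFF_CHKSUM = 148, OFF_MAGIC = 257 };  /* ustar layout */

/* Sum every header byte, counting the 8-byte checksum field as spaces. */
static unsigned tar_checksum(const unsigned char *h)
{
    unsigned sum = 8 * ' ';
    for (int i = 0; i < BLOCK; i++)
        if (i < OFF_CHKSUM || i >= OFF_CHKSUM + 8)
            sum += h[i];
    return sum;
}

/* Parse an octal field; fail on a non-octal byte or an empty field. */
static bool parse_octal(const unsigned char *f, int len, unsigned *out)
{
    int i = 0, digits = 0;
    *out = 0;
    while (i < len && f[i] == ' ')
        i++;                                /* leading padding */
    for (; i < len && f[i] != '\0' && f[i] != ' '; i++, digits++) {
        if (f[i] < '0' || f[i] > '7')
            return false;                   /* junk input ends up here */
        *out = *out * 8 + (unsigned) (f[i] - '0');
    }
    return digits > 0;
}

/* Accept a block only if the stored checksum matches and the magic is there. */
bool header_looks_valid(const unsigned char *h)
{
    unsigned stored;
    return parse_octal(h + OFF_CHKSUM, 8, &stored) &&
           stored == tar_checksum(h) &&
           memcmp(h + OFF_MAGIC, "ustar", 5) == 0;
}

/* Constructed sample: minimal header carrying only name, magic and checksum. */
void make_sample_header(unsigned char *h, const char *name)
{
    memset(h, 0, BLOCK);
    strncpy((char *) h, name, 99);
    memcpy(h + OFF_MAGIC, "ustar\0" "00", 8);   /* magic, NUL, version */
    snprintf((char *) h + OFF_CHKSUM, 7, "%06o", tar_checksum(h));
}
```

An all-zero block also fails this check, so a caller has to recognise the end-of-archive marker separately before validating.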
