Daniel Gustafsson <dan...@yesql.se> writes:
> I happened to spot the below call in src/bin/pg_basebackup/streamutil.c which
> has an unbounded %s in the format.
>
> /* fetch xlog value and unit from the result */
> if (sscanf(PQgetvalue(res, 0, 0), "%d%s", &xlog_val, xlog_unit) != 2)
>
> There is no risk of overflow as the unit is defined to be at most 2 characters,
> but that's not explained (like how a similar %s is handled in pg_dump).

Ugh.  Shouldn't we instead modify the format to read not more than two
characters?  Even if this is safe on non-malicious input, it doesn't
seem like good style.

			regards, tom lane
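The following is an added example illustrating the bounded-width form Tom suggests; it is not PostgreSQL's code and the names (UNIT_LEN, parse_size_setting and the two wrapper functions) are hypothetical. It goes one step beyond the thread: the field width is derived from the buffer size with a stringification macro so the two cannot drift apart, and a trailing %n rejects input that the now-bounded %2s would otherwise silently truncate (e.g. "16Megabytes" would parse as 16 "Me" without that check).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical: the unit is at most two characters ("MB", "kB"), plus a NUL. */
#define UNIT_LEN 2

/* Turn the buffer size into a literal field width, so "%" STR(UNIT_LEN) "s"
 * is "%2s" and changes together with the array size. */
#define STR_(x) #x
#define STR(x) STR_(x)

/*
 * Parse a "<number><unit>" setting such as "16MB".
 * Returns 1 on success (value and unit filled in), 0 if the input is rejected.
 *
 * Unsafe form this replaces:  sscanf(text, "%d%s", &value, unit)
 * A width-less %s writes however many non-space characters follow the number,
 * so a 3-byte unit buffer overflows on input like "16Megabytes".
 * The bounded %2s stops after UNIT_LEN characters; %n records how much of the
 * input was consumed so the caller can refuse leftover characters.
 */
int parse_size_setting(const char *text, int *value, char unit[UNIT_LEN + 1])
{
    int consumed = 0;

    /* %n does not count toward the return value, so 2 conversions is success. */
    if (sscanf(text, "%d%" STR(UNIT_LEN) "s%n", value, unit, &consumed) != 2)
        return 0;

    /* Reject trailing input, e.g. "16MBX" or a unit longer than UNIT_LEN. */
    if (text[consumed] != '\0')
        return 0;

    return 1;
}

/* Wrapper for checks: the numeric part, or -1 if the input is rejected. */
int parse_value_or_minus1(const char *text)
{
    int value;
    char unit[UNIT_LEN + 1];

    return parse_size_setting(text, &value, unit) ? value : -1;
}

/* Wrapper for checks: 1 if the input parses and its unit equals expected_unit. */
int parses_with_unit(const char *text, const char *expected_unit)
{
    int value;
    char unit[UNIT_LEN + 1];

    return parse_size_setting(text, &value, unit) &&
           strcmp(unit, expected_unit) == 0;
}

int main(void)
{
    /* Constructed sample inputs: a valid setting and two that must be refused. */
    const char *inputs[] = { "16MB", "1kB", "16Megabytes", "16", "16MBX" };
    size_t i;

    for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++)
    {
        int value;
        char unit[UNIT_LEN + 1];

        if (parse_size_setting(inputs[i], &value, unit))
            printf("%-12s -> value=%d unit=%s\n", inputs[i], value, unit);
        else
            printf("%-12s -> rejected\n", inputs[i]);
    }
    return 0;
}
```

Note that a width alone only makes the write safe; without the %n check, "%d%2s" turns "16Megabytes" into a successful parse of 16 "Me", which is why the wrapper also refuses anything left unconsumed.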