Skip to content

Commit 0509498

Browse files
tglsfdctglsfdc
committed
Avoid calling strerror[_r] in PQcancel().
PQcancel() is supposed to be safe to call from a signal handler, and indeed psql uses it that way. All of the library functions it uses are specified to be async-signal-safe by POSIX ... except for strerror. Neither plain strerror nor strerror_r are considered safe. When this code was written, back in the dark ages, we probably figured "oh, strerror will just index into a constant array of strings" ... but in any locale except C, that's unlikely to be true. Probably the reason we've not heard complaints is that (a) this error-handling code is unlikely to be reached in normal use, and (b) in many scenarios, localized error strings would already have been loaded, after which maybe it's safe to call strerror here. Still, this is clearly unacceptable. The best we can do without relying on strerror is to print the decimal value of errno, so make it do that instead. (This is probably not much loss of user-friendliness, given that it is hard to get a failure here.) Back-patch to all supported branches. Discussion: https://postgr.es/m/2937814.1641960929@sss.pgh.pa.us
1 parent 17da9d4 commit 0509498

File tree

1 file changed

+19
-3
lines changed

1 file changed

+19
-3
lines changed

src/interfaces/libpq/fe-connect.c

Lines changed: 19 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4435,7 +4435,6 @@ internal_cancel(SockAddr *raddr, int be_pid, int be_key,
44354435
{
44364436
int save_errno = SOCK_ERRNO;
44374437
pgsocket tmpsock = PGINVALID_SOCKET;
4438-
char sebuf[PG_STRERROR_R_BUFLEN];
44394438
int maxlen;
44404439
struct
44414440
{
@@ -4514,8 +4513,25 @@ internal_cancel(SockAddr *raddr, int be_pid, int be_key,
45144513
maxlen = errbufsize - strlen(errbuf) - 2;
45154514
if (maxlen >= 0)
45164515
{
4517-
strncat(errbuf, SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)),
4518-
maxlen);
4516+
/*
4517+
* We can't invoke strerror here, since it's not signal-safe. Settle
4518+
* for printing the decimal value of errno. Even that has to be done
4519+
* the hard way.
4520+
*/
4521+
int val = SOCK_ERRNO;
4522+
char buf[32];
4523+
char *bufp;
4524+
4525+
bufp = buf + sizeof(buf) - 1;
4526+
*bufp = '\0';
4527+
do
4528+
{
4529+
*(--bufp) = (val % 10) + '0';
4530+
val /= 10;
4531+
} while (val > 0);
4532+
bufp -= 6;
4533+
memcpy(bufp, "error ", 6);
4534+
strncat(errbuf, bufp, maxlen);
45194535
strcat(errbuf, "\n");
45204536
}
45214537
if (tmpsock != PGINVALID_SOCKET)

0 commit comments

Comments
 (0)