Skip to content

Commit f27af7b

Browse files
tglsfdctglsfdc
committed
Avoid calling strerror[_r] in PQcancel().
PQcancel() is supposed to be safe to call from a signal handler, and indeed psql uses it that way. All of the library functions it uses are specified to be async-signal-safe by POSIX ... except for strerror. Neither plain strerror nor strerror_r are considered safe. When this code was written, back in the dark ages, we probably figured "oh, strerror will just index into a constant array of strings" ... but in any locale except C, that's unlikely to be true. Probably the reason we've not heard complaints is that (a) this error-handling code is unlikely to be reached in normal use, and (b) in many scenarios, localized error strings would already have been loaded, after which maybe it's safe to call strerror here. Still, this is clearly unacceptable. The best we can do without relying on strerror is to print the decimal value of errno, so make it do that instead. (This is probably not much loss of user-friendliness, given that it is hard to get a failure here.) Back-patch to all supported branches. Discussion: https://postgr.es/m/2937814.1641960929@sss.pgh.pa.us
1 parent 90a847e commit f27af7b

File tree

1 file changed

+19
-3
lines changed

1 file changed

+19
-3
lines changed

src/interfaces/libpq/fe-connect.c

Lines changed: 19 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4373,7 +4373,6 @@ internal_cancel(SockAddr *raddr, int be_pid, int be_key,
43734373
{
43744374
int save_errno = SOCK_ERRNO;
43754375
pgsocket tmpsock = PGINVALID_SOCKET;
4376-
char sebuf[PG_STRERROR_R_BUFLEN];
43774376
int maxlen;
43784377
struct
43794378
{
@@ -4452,8 +4451,25 @@ internal_cancel(SockAddr *raddr, int be_pid, int be_key,
44524451
maxlen = errbufsize - strlen(errbuf) - 2;
44534452
if (maxlen >= 0)
44544453
{
4455-
strncat(errbuf, SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)),
4456-
maxlen);
4454+
/*
4455+
* We can't invoke strerror here, since it's not signal-safe. Settle
4456+
* for printing the decimal value of errno. Even that has to be done
4457+
* the hard way.
4458+
*/
4459+
int val = SOCK_ERRNO;
4460+
char buf[32];
4461+
char *bufp;
4462+
4463+
bufp = buf + sizeof(buf) - 1;
4464+
*bufp = '\0';
4465+
do
4466+
{
4467+
*(--bufp) = (val % 10) + '0';
4468+
val /= 10;
4469+
} while (val > 0);
4470+
bufp -= 6;
4471+
memcpy(bufp, "error ", 6);
4472+
strncat(errbuf, bufp, maxlen);
44574473
strcat(errbuf, "\n");
44584474
}
44594475
if (tmpsock != PGINVALID_SOCKET)

0 commit comments

Comments
 (0)