GCC 4.0 includes a new warning option, -Wformat-literal, that emits

a warning when a variable is used as a format string for printf()
and similar functions (if the variable is derived from untrusted
data, it could include unexpected formatting sequences). This
emits too many warnings to be enabled by default, but it does
flag a few dubious constructs in the Postgres tree. This patch
fixes up the obvious variants: functions that are passed a variable
format string but no additional arguments.

Most of these are harmless (e.g. the ruleutils stuff), but there
is at least one actual bug here: if you create a trigger named
"%sfoo", pg_dump will read uninitialized memory and fail to dump
the trigger correctly.

diff --git a/src/backend/utils/adt/ruleutils.c b/src/backend/utils/adt/ruleutils.c
index f726106a45ef5bc3714d775aafb228dc64064b45..cc65bf47a250df287da9763027740887b273c663 100644 (file)
--- a/src/backend/utils/adt/ruleutils.c
+++ b/src/backend/utils/adt/ruleutils.c
@@ -733,7 +733,7 @@ pg_get_indexdef_worker(Oid indexrelid, int colno, int prettyFlags)
                AttrNumber      attnum = idxrec->indkey.values[keyno];
 
                if (!colno)
-                       appendStringInfo(&buf, sep);
+                       appendStringInfoString(&buf, sep);
                sep = ", ";
 
                if (attnum != 0)
@@ -1885,7 +1885,7 @@ get_select_query_def(Query *query, deparse_context *context,
                        Oid                     sortcoltype;
                        TypeCacheEntry *typentry;
 
-                       appendStringInfo(buf, sep);
+                       appendStringInfoString(buf, sep);
                        sortexpr = get_rule_sortgroupclause(srt, query->targetList,
                                                                                                force_colno, context);
                        sortcoltype = exprType(sortexpr);
@@ -1954,7 +1954,7 @@ get_basic_select_query(Query *query, deparse_context *context,
                        {
                                SortClause *srt = (SortClause *) lfirst(l);
 
-                               appendStringInfo(buf, sep);
+                               appendStringInfoString(buf, sep);
                                get_rule_sortgroupclause(srt, query->targetList,
                                                                                 false, context);
                                sep = ", ";
@@ -1976,7 +1976,7 @@ get_basic_select_query(Query *query, deparse_context *context,
                if (tle->resjunk)
                        continue;                       /* ignore junk entries */
 
-               appendStringInfo(buf, sep);
+               appendStringInfoString(buf, sep);
                sep = ", ";
                colno++;
 
@@ -2040,7 +2040,7 @@ get_basic_select_query(Query *query, deparse_context *context,
                {
                        GroupClause *grp = (GroupClause *) lfirst(l);
 
-                       appendStringInfo(buf, sep);
+                       appendStringInfoString(buf, sep);
                        get_rule_sortgroupclause(grp, query->targetList,
                                                                         false, context);
                        sep = ", ";
@@ -2229,7 +2229,7 @@ get_insert_query_def(Query *query, deparse_context *context)
                if (tle->resjunk)
                        continue;                       /* ignore junk entries */
 
-               appendStringInfo(buf, sep);
+               appendStringInfoString(buf, sep);
                sep = ", ";
 
                /*
@@ -2301,7 +2301,7 @@ get_update_query_def(Query *query, deparse_context *context)
                if (tle->resjunk)
                        continue;                       /* ignore junk entries */
 
-               appendStringInfo(buf, sep);
+               appendStringInfoString(buf, sep);
                sep = ", ";
 
                /*
@@ -3268,7 +3268,7 @@ get_rule_expr(Node *node, deparse_context *context,
                                        if (tupdesc == NULL ||
                                                !tupdesc->attrs[i]->attisdropped)
                                        {
-                                               appendStringInfo(buf, sep);
+                                               appendStringInfoString(buf, sep);
                                                get_rule_expr(e, context, true);
                                                sep = ", ";
                                        }
@@ -3280,7 +3280,7 @@ get_rule_expr(Node *node, deparse_context *context,
                                        {
                                                if (!tupdesc->attrs[i]->attisdropped)
                                                {
-                                                       appendStringInfo(buf, sep);
+                                                       appendStringInfoString(buf, sep);
                                                        appendStringInfo(buf, "NULL");
                                                        sep = ", ";
                                                }
@@ -3415,7 +3415,7 @@ get_rule_expr(Node *node, deparse_context *context,
                                sep = "";
                                foreach(l, (List *) node)
                                {
-                                       appendStringInfo(buf, sep);
+                                       appendStringInfoString(buf, sep);
                                        get_rule_expr((Node *) lfirst(l), context, showimplicit);
                                        sep = ", ";
                                }

diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index ee92507cc34187289c706866664f39d5f770d6f5..bf6dd2430efd8775c98e644e7011a91e37c536fb 100644 (file)
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -2609,7 +2609,7 @@ main(int argc, char *argv[])
        make_template0();
 
        if (authwarning != NULL)
-               fprintf(stderr, authwarning);
+               fprintf(stderr, "%s", authwarning);
 
        /* Get directory specification used to start this executable */
        strcpy(bin_dir, argv[0]);

diff --git a/src/bin/pg_dump/dumputils.c b/src/bin/pg_dump/dumputils.c
index e4221ac2b9b40a9dc92b6fe0f5c3ea565142ce87..4be925c9502b73236ee9df12d4a7eca385c9aa67 100644 (file)
--- a/src/bin/pg_dump/dumputils.c
+++ b/src/bin/pg_dump/dumputils.c
@@ -160,7 +160,7 @@ appendStringLiteralDQ(PQExpBuffer buf, const char *str, const char *dqprefix)
        /* start with $ + dqprefix if not NULL */
        appendPQExpBufferChar(delimBuf, '$');
        if (dqprefix)
-               appendPQExpBuffer(delimBuf, dqprefix);
+               appendPQExpBufferStr(delimBuf, dqprefix);
 
        /*
         * Make sure we choose a delimiter which (without the trailing $) is

diff --git a/src/bin/pg_dump/pg_backup_archiver.c b/src/bin/pg_dump/pg_backup_archiver.c
index 80d75d37f80d3fa77490d3ebe72a8f117e699eec..50185ee2bce1679ecd3c0da41cadd75990b1ee2a 100644 (file)
--- a/src/bin/pg_dump/pg_backup_archiver.c
+++ b/src/bin/pg_dump/pg_backup_archiver.c
@@ -345,7 +345,7 @@ RestoreArchive(Archive *AHX, RestoreOptions *ropt)
                                                 * mode with libpq.
                                                 */
                                                if (te->copyStmt && strlen(te->copyStmt) > 0)
-                                                       ahprintf(AH, te->copyStmt);
+                                                       ahprintf(AH, "%s", te->copyStmt);
 
                                                (*AH->PrintTocDataPtr) (AH, te, ropt);
 
@@ -2197,9 +2197,7 @@ _reconnectToDB(ArchiveHandle *AH, const char *dbname)
 
                appendPQExpBuffer(qry, "\\connect %s\n\n",
                                                  dbname ? fmtId(dbname) : "-");
-
-               ahprintf(AH, qry->data);
-
+               ahprintf(AH, "%s", qry->data);
                destroyPQExpBuffer(qry);
        }
 

diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c
index a9fa0e480a2522603824fef3b38edb6e168ba24d..43a71ff0ef4c66a074504b767610c90186513965 100644 (file)
--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -976,7 +976,7 @@ dumpTableData_insert(Archive *fout, void *dcontext)
                                {
                                        if (field > 0)
                                                appendPQExpBuffer(q, ", ");
-                                       appendPQExpBuffer(q, fmtId(PQfname(res, field)));
+                                       appendPQExpBufferStr(q, fmtId(PQfname(res, field)));
                                }
                                appendPQExpBuffer(q, ") ");
                                archputs(q->data, fout);
@@ -7599,12 +7599,12 @@ dumpTrigger(Archive *fout, TriggerInfo *tginfo)
        if (tginfo->tgisconstraint)
        {
                appendPQExpBuffer(query, "CREATE CONSTRAINT TRIGGER ");
-               appendPQExpBuffer(query, fmtId(tginfo->tgconstrname));
+               appendPQExpBufferStr(query, fmtId(tginfo->tgconstrname));
        }
        else
        {
                appendPQExpBuffer(query, "CREATE TRIGGER ");
-               appendPQExpBuffer(query, fmtId(tginfo->dobj.name));
+               appendPQExpBufferStr(query, fmtId(tginfo->dobj.name));
        }
        appendPQExpBuffer(query, "\n    ");