From b01f32c313f00846b6f06cf871d0d9ce7c3ad5e5 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 2 Apr 2018 13:46:13 -0400
Subject: [PATCH] Fix some dubious WAL-parsing code.

Coverity complained about possible buffer overrun in two places added by
commit 1eb6d6527, and AFAICS it's reasonable to worry: even granting that
the WAL originator properly truncated the commit GID to GIDSIZE, we should
not really bet our lives on that having the same value as it does in the
current build.  Hence, use strlcpy() not strcpy(), and adjust the pointer
advancement logic to be sure we skip over the whole source string even if
strlcpy() truncated it.
---
 src/backend/access/rmgrdesc/xactdesc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/backend/access/rmgrdesc/xactdesc.c b/src/backend/access/rmgrdesc/xactdesc.c
index b3e2fc3036c..3b3c95f8104 100644
--- a/src/backend/access/rmgrdesc/xactdesc.c
+++ b/src/backend/access/rmgrdesc/xactdesc.c
@@ -106,8 +106,8 @@ ParseCommitRecord(uint8 info, xl_xact_commit *xlrec, xl_xact_parsed_commit *pars
 		if (parsed->xinfo & XACT_XINFO_HAS_GID)
 		{
 			int gidlen;
-			strcpy(parsed->twophase_gid, data);
-			gidlen = strlen(parsed->twophase_gid) + 1;
+			strlcpy(parsed->twophase_gid, data, sizeof(parsed->twophase_gid));
+			gidlen = strlen(data) + 1;
 			data += MAXALIGN(gidlen);
 		}
 	}
@@ -190,8 +190,8 @@ ParseAbortRecord(uint8 info, xl_xact_abort *xlrec, xl_xact_parsed_abort *parsed)
 		if (parsed->xinfo & XACT_XINFO_HAS_GID)
 		{
 			int gidlen;
-			strcpy(parsed->twophase_gid, data);
-			gidlen = strlen(parsed->twophase_gid) + 1;
+			strlcpy(parsed->twophase_gid, data, sizeof(parsed->twophase_gid));
+			gidlen = strlen(data) + 1;
 			data += MAXALIGN(gidlen);
 		}
 	}
-- 
2.39.5