From: Andres Freund
Date: Wed, 23 Mar 2022 23:38:43 +0000 (-0700)
Subject: waldump: fix use-after-free in search_directory().
X-Git-Tag: REL_12_11~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5ebd262dcbacddbd359d08c032fa04bfdf839b36;p=thirdparty%2Fpostgresql.git

waldump: fix use-after-free in search_directory().

After closedir() dirent->d_name is not valid anymore. As there already are a few places relying on the limited lifetime of pg_waldump, do so here as well, and just pg_strdup() the string.

The bug was introduced in fc49e24fa69a.

Found by UBSan, run locally.

Backpatch: 11-, like fc49e24fa69 itself.
---
diff --git a/src/bin/pg_waldump/pg_waldump.c b/src/bin/pg_waldump/pg_waldump.c index b1e5f461045..5d7f52583b8 100644 --- a/src/bin/pg_waldump/pg_waldump.c +++ b/src/bin/pg_waldump/pg_waldump.c @@ -180,7 +180,7 @@ search_directory(const char *directory, const char *fname) if (IsXLogFileName(xlde->d_name)) { fd = open_file_in_directory(directory, xlde->d_name); - fname = xlde->d_name; + fname = pg_strdup(xlde->d_name); break; } }
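
Review bot: the added `fname = pg_strdup(xlde->d_name);` line carries no comment explaining why the copy is required or that it is intentionally never freed. The commit message gives both reasons (d_name is not valid after closedir(), and the leak is accepted because pg_waldump is short-lived), but neither is visible at the assignment, so a later reader could remove the copy as redundant or report the allocation as a leak. A one-line comment above the assignment stating both points would prevent that. Separately, fname is the `const char *` parameter from the function signature, so after this line it can point either at caller-owned memory or at a heap copy; assigning the copy to a distinct local variable would make the ownership unambiguous.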