waldump: fix use-after-free in search_directory().

After closedir() dirent->d_name is not valid anymore. As there alerady are a
few places relying on the limited lifetime of pg_waldump, do so here as well,
and just pg_strdup() the string.

The bug was introduced in fc49e24fa69a.

Found by UBSan, run locally.

Backpatch: 11-, like fc49e24fa69 itself.

diff --git a/src/bin/pg_waldump/pg_waldump.c b/src/bin/pg_waldump/pg_waldump.c
index 9ffe9e55bd9d393ca5c7bef9494300c14746b33c..4cb40d068a9718663ec5e3b87892658e102a25ea 100644 (file)
--- a/src/bin/pg_waldump/pg_waldump.c
+++ b/src/bin/pg_waldump/pg_waldump.c
@@ -204,7 +204,7 @@ search_directory(const char *directory, const char *fname)
            if (IsXLogFileName(xlde->d_name))
            {
                fd = open_file_in_directory(directory, xlde->d_name);
-               fname = xlde->d_name;
+               fname = pg_strdup(xlde->d_name);
                break;
            }
        }