Re: getting "shell command argument contains a newline or carriage return:" error with pg_dumpall when db name have new line in double quote

./psql postgres

On Thu, Mar 27, 2025 at 4:16 PM Andrew Dunstan <andrew@dunslane.net> wrote:

Yes, sorry, I misread the thread. I think we should proceed with options 1 and 3 i.e. prevent creation of new databases with a CR or LF, and have pgdumpall exit with a more useful error message.

agreed. 

Your invention of an is_name_contain_lfcr() function is unnecessary - we can just use the standard library function strpbrk() to look for a CR or LF.

makes sense,but I have a dumb doubt why in appendShellStringNoError() it still continues even after it found CR or LF? ,AFAIK The reasoning is this function is designed to silently filter out \n and \r while still producing a usable shell-safe argument. It informs the caller of the issue (false return value) but does not abruptly stop execution,then the caller will decide what to do but every place this function is called they are just throwing the error.

if we could just break the loop right after we found \n or \r in appendShellStringNoError() we can also use strpbrk() here and during creation of new database as you suggested.

thoughts?

 

I don't know. If you want to submit a patch cleaning it up go ahead. But right now I just want to get this original issue cleaned up to go along with the pg_dumpall improvements.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com