I have created a better patch (attached) that correctly escapes the shell arguments using PQExpBufferStr and the appendShellString function, as per Michael and Andres' suggestions.
I started to make a solution that uses a PQExpBuffer, appendShellString, etc. I think it will work just fine, but I think I need to alter the Makefile as well, to get initdb.c to be compiled using -L../../../src/fe_utils -lpgfeutils. Otherwise I am having issues linking:
gcc -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing -fwrapv -Wno-unused-command-line-argument -O2 initdb.o findtimezone.o localtime.o encnames.o -L../../../src/port -L../../../src/common -Wl,-dead_strip_dylibs -lpgcommon -lpgport -lz -lreadline -lm -o initdb Undefined symbols for architecture x86_64: "_appendPQExpBufferStr", referenced from: _main in initdb.o "_appendShellString", referenced from: _main in initdb.o "_createPQExpBuffer", referenced from: _main in initdb.o "_destroyPQExpBuffer", referenced from: _main in initdb.o ld: symbol(s) not found for architecture x86_64 clang: error: linker command failed with exit code 1 (use -v to see invocation)
On Wed, Aug 17, 2016 at 8:05 AM, Andres Freund <andres@anarazel.de> wrote: > ISTM that the correct fix would be to actually introduce something like > quote_path_for_shell() which either adds proper quotes, or fails if > that'd be hard (e.g. if the path contains quotes, and we're on > windows).
You are looking for appendShellString in fe_utils/string_utils.c. -- Michael