Don't use ordinary NULL-terminated strings as Name datums.

Consumers are entitled to read the full 64 bytes pertaining to a Name; using a shorter NULL-terminated string leads to reading beyond the end its allocation; a SIGSEGV is possible. Use the frequent idiom of copying to a NameData on the stack. New in 9.3, so no back-patch.

Don't use ordinary NULL-terminated strings as Name datums.
Consumers are entitled to read the full 64 bytes pertaining to a Name; using a shorter NULL-terminated string leads to reading beyond the end its allocation; a SIGSEGV is possible. Use the frequent idiom of copying to a NameData on the stack. New in 9.3, so no back-patch.
ff53890f · Noah Misch · dc3eb563 · ff53890f · ff53890f
Commit ff53890f authored Jun 12, 2013 by Noah Misch
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 3 deletions

src/backend/commands/alter.c src/backend/commands/alter.c +3 -1

src/backend/commands/event_trigger.c src/backend/commands/event_trigger.c +6 -2

No files found.
--- a/src/backend/commands/alter.c
+++ b/src/backend/commands/alter.c
@@ -168,6 +168,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
 	Datum	   *values;
 	bool	   *nulls;
 	bool	   *replaces;
+	NameData	nameattrdata;
 	oldtup = SearchSysCache1(oidCacheId, ObjectIdGetDatum(objectId));
 	if (!HeapTupleIsValid(oldtup))
@@ -273,7 +274,8 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
 	values = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(Datum));
 	nulls = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
 	replaces = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
-	values[Anum_name - 1] = PointerGetDatum(new_name);
+	namestrcpy(&nameattrdata, new_name);
+	values[Anum_name - 1] = NameGetDatum(&nameattrdata);
 	replaces[Anum_name - 1] = true;
 	newtup = heap_modify_tuple(oldtup, RelationGetDescr(rel),
 							   values, nulls, replaces);

--- a/src/backend/commands/event_trigger.c
+++ b/src/backend/commands/event_trigger.c
@@ -302,6 +302,8 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
 	HeapTuple	tuple;
 	Datum		values[Natts_pg_trigger];
 	bool		nulls[Natts_pg_trigger];
+	NameData	evtnamedata,
+				evteventdata;
 	ObjectAddress myself,
 				referenced;
@@ -310,8 +312,10 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
 	/* Build the new pg_trigger tuple. */
 	memset(nulls, false, sizeof(nulls));
-	values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(trigname);
+	namestrcpy(&evtnamedata, trigname);
-	values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(eventname);
+	values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(&evtnamedata);
+	namestrcpy(&evteventdata, eventname);
+	values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(&evteventdata);
 	values[Anum_pg_event_trigger_evtowner - 1] = ObjectIdGetDatum(evtOwner);
 	values[Anum_pg_event_trigger_evtfoid - 1] = ObjectIdGetDatum(funcoid);
 	values[Anum_pg_event_trigger_evtenabled - 1] =