Avoid potential buffer overflow crash

A pointer to a C string was treated as a pointer to a "name" datum and passed to SPI_execute_plan(). This pointer would then end up being passed through datumCopy(), which would try to copy the entire 64 bytes of name data, thus running past the end of the C string. Fix by converting the string to a proper name structure. Found by LLVM AddressSanitizer.
author: Peter Eisentraut <peter_e@gmx.net> 2013-11-23 07:25:37 -0500
committer: Peter Eisentraut <peter_e@gmx.net> 2013-11-23 07:25:37 -0500
commit: 4053189d594a5eb1949bba26766fdb0de837e255 (patch)
tree: 847f7c964a804bbcbb0b0dbe15b1cbdd65b541c1
parent: f19e92ed040c2afba2333f0ce547848f4dc4ec21 (diff)
download: postgresql-4053189d594a5eb1949bba26766fdb0de837e255.tar.gz
postgresql-4053189d594a5eb1949bba26766fdb0de837e255.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/utils/adt/ruleutils.c b/src/backend/utils/adt/ruleutils.c
index 74b573bd5e6..dffac7c5293 100644
--- a/src/backend/utils/adt/ruleutils.c
+++ b/src/backend/utils/adt/ruleutils.c
@@ -632,7 +632,7 @@ pg_get_viewdef_worker(Oid viewoid, int prettyFlags, int wrapColumn)
 	 * Get the pg_rewrite tuple for the view's SELECT rule
 	 */
 	args[0] = ObjectIdGetDatum(viewoid);
-	args[1] = PointerGetDatum(ViewSelectRuleName);
+	args[1] = DirectFunctionCall1(namein, CStringGetDatum(ViewSelectRuleName));
 	nulls[0] = ' ';
 	nulls[1] = ' ';
 	spirc = SPI_execute_plan(plan_getviewrule, args, nulls, true, 2);
author	Peter Eisentraut <peter_e@gmx.net>	2013-11-23 07:25:37 -0500
committer	Peter Eisentraut <peter_e@gmx.net>	2013-11-23 07:25:37 -0500
commit	4053189d594a5eb1949bba26766fdb0de837e255 (patch)
tree	847f7c964a804bbcbb0b0dbe15b1cbdd65b541c1
parent	f19e92ed040c2afba2333f0ce547848f4dc4ec21 (diff)
download	postgresql-4053189d594a5eb1949bba26766fdb0de837e255.tar.gz postgresql-4053189d594a5eb1949bba26766fdb0de837e255.zip