author | Peter Eisentraut <peter_e@gmx.net> | 2013-11-23 07:25:37 -0500 |
---|---|---|
committer | Peter Eisentraut <peter_e@gmx.net> | 2013-11-23 07:31:07 -0500 |
commit | e1f7173ea19ad8977311dc72fe50492fae5c078d (patch) | |
tree | f6e703ad9363d51c8413df279220d4d9fabe057c /src/backend/utils/adt/ruleutils.c | |
parent | 92a752151fa9c279595ab6f896534e49a5625920 (diff) | |
Avoid potential buffer overflow crash
A pointer to a C string was treated as a pointer to a "name" datum and
passed to SPI_execute_plan(). This pointer would then end up being
passed through datumCopy(), which would try to copy the entire 64 bytes
of name data, thus running past the end of the C string. Fix by
converting the string to a proper name structure.
Found by LLVM AddressSanitizer.
Diffstat (limited to 'src/backend/utils/adt/ruleutils.c')
-rw-r--r-- | src/backend/utils/adt/ruleutils.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/utils/adt/ruleutils.c b/src/backend/utils/adt/ruleutils.c index ebfac92ee59..bfebef89eb9 100644 --- a/src/backend/utils/adt/ruleutils.c +++ b/src/backend/utils/adt/ruleutils.c @@ -454,7 +454,7 @@ pg_get_viewdef_worker(Oid viewoid, int prettyFlags) * Get the pg_rewrite tuple for the view's SELECT rule */ args[0] = ObjectIdGetDatum(viewoid); - args[1] = PointerGetDatum(ViewSelectRuleName); + args[1] = DirectFunctionCall1(namein, CStringGetDatum(ViewSelectRuleName)); nulls[0] = ' '; nulls[1] = ' '; spirc = SPI_execute_plan(plan_getviewrule, args, nulls, true, 2); |
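Review bot: the new args[1] line in pg_get_viewdef_worker carries no comment saying why the C string has to go through namein, so a later cleanup could turn it back into PointerGetDatum(ViewSelectRuleName). A one-line comment above it, stating that the parameter is a name datum and is copied at the full name width, would guard against that. The conversion also produces a fresh name value on every call and nothing in the visible context releases it, so it is worth confirming that this runs in a memory context that is reset soon after SPI_execute_plan returns. The diffstat is limited to this one file, so other places that pass a C string as a name argument to an SPI plan should be checked for the same pattern.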