Skip to content

Commit 240766a

Browse files
peterepetere
committed
Avoid potential buffer overflow crash
A pointer to a C string was treated as a pointer to a "name" datum and passed to SPI_execute_plan(). This pointer would then end up being passed through datumCopy(), which would try to copy the entire 64 bytes of name data, thus running past the end of the C string. Fix by converting the string to a proper name structure. Found by LLVM AddressSanitizer.
1 parent 122ba5d commit 240766a

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/backend/utils/adt/ruleutils.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -428,7 +428,7 @@ pg_get_viewdef_worker(Oid viewoid, int prettyFlags)
428428
* Get the pg_rewrite tuple for the view's SELECT rule
429429
*/
430430
args[0] = ObjectIdGetDatum(viewoid);
431-
args[1] = PointerGetDatum(ViewSelectRuleName);
431+
args[1] = DirectFunctionCall1(namein, CStringGetDatum(ViewSelectRuleName));
432432
nulls[0] = ' ';
433433
nulls[1] = ' ';
434434
spirc = SPI_execute_plan(plan_getviewrule, args, nulls, true, 2);

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy