Commit e1f7173

Avoid potential buffer overflow crash
A pointer to a C string was treated as a pointer to a "name" datum and passed to SPI_execute_plan(). This pointer would then end up being passed through datumCopy(), which would try to copy the entire 64 bytes of name data, thus running past the end of the C string. Fix by converting the string to a proper name structure. Found by LLVM AddressSanitizer.
1 parent 92a7521 commit e1f7173

1 file changed

+1
-1
lines changed

src/backend/utils/adt/ruleutils.c

Lines changed: 1 addition & 1 deletion
@@ -454,7 +454,7 @@ pg_get_viewdef_worker(Oid viewoid, int prettyFlags)
454454
* Get the pg_rewrite tuple for the view's SELECT rule
455455
*/
456456
args[0] = ObjectIdGetDatum(viewoid);
457-
args[1] = PointerGetDatum(ViewSelectRuleName);
457+
args[1] = DirectFunctionCall1(namein, CStringGetDatum(ViewSelectRuleName));
458458
nulls[0] = ' ';
459459
nulls[1] = ' ';
460460
spirc = SPI_execute_plan(plan_getviewrule, args, nulls, true, 2);
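
Review bot: the replacement line at 457 has no comment saying why ViewSelectRuleName must go through namein, so a later cleanup could revert it to PointerGetDatum(ViewSelectRuleName) without anyone noticing; add a one-line comment stating that the plan parameter is a name and is copied at its full fixed width, so a bare C string is not a valid argument. Also, namein allocates a new name structure on every call and nothing in the visible context releases it, so confirm that pg_get_viewdef_worker runs in a short-lived memory context, or fill a local NameData once with namestrcpy() and pass NameGetDatum() of it instead.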
