Don't use ordinary NULL-terminated strings as Name datums.
authorNoah Misch <noah@leadboat.com>
Wed, 12 Jun 2013 23:49:50 +0000 (19:49 -0400)
committerNoah Misch <noah@leadboat.com>
Wed, 12 Jun 2013 23:49:50 +0000 (19:49 -0400)
Consumers are entitled to read the full 64 bytes pertaining to a Name;
using a shorter NULL-terminated string leads to reading beyond the end
of its allocation; a SIGSEGV is possible.  Use the frequent idiom of
copying to a NameData on the stack.  New in 9.3, so no back-patch.

src/backend/commands/alter.c
src/backend/commands/event_trigger.c

index 178c97949dce209c4c6ef3d4560432c5ac3f539e..bb6c1a46606cb2c7c3cdf1c9dc0e9241660d3dab 100644 (file)
@@ -168,6 +168,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
    Datum      *values;
    bool       *nulls;
    bool       *replaces;
+   NameData    nameattrdata;
 
    oldtup = SearchSysCache1(oidCacheId, ObjectIdGetDatum(objectId));
    if (!HeapTupleIsValid(oldtup))
@@ -273,7 +274,8 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
    values = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(Datum));
    nulls = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
    replaces = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
-   values[Anum_name - 1] = PointerGetDatum(new_name);
+   namestrcpy(&nameattrdata, new_name);
+   values[Anum_name - 1] = NameGetDatum(&nameattrdata);
    replaces[Anum_name - 1] = true;
    newtup = heap_modify_tuple(oldtup, RelationGetDescr(rel),
                               values, nulls, replaces);
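Review bot: The stack copy at `namestrcpy(&nameattrdata, new_name);` carries no comment saying why a plain C string must not be passed as the Name datum, so a later cleanup could reintroduce the over-read this commit removes. I would add `/* A Name datum must point at a full NameData; readers may touch the whole fixed-width field, not just up to the terminator. */` above it, and the same above the two namestrcpy calls in insert_event_trigger_tuple in event_trigger.c. namestrcpy presumably truncates to the Name width without reporting it, so it is worth confirming that the checks earlier in AlterObjectRename_internal (outside this hunk) act on the same name that ends up stored.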
index a0f97e460e61d52c5e117615e6a8b4b2edda1a13..328e2a89524ce6da22d5fd6e647ba1a3a82ec8bd 100644 (file)
@@ -302,6 +302,8 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
    HeapTuple   tuple;
    Datum       values[Natts_pg_trigger];
    bool        nulls[Natts_pg_trigger];
+   NameData    evtnamedata,
+               evteventdata;
    ObjectAddress myself,
                referenced;
 
@@ -310,8 +312,10 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
 
    /* Build the new pg_trigger tuple. */
    memset(nulls, false, sizeof(nulls));
-   values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(trigname);
-   values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(eventname);
+   namestrcpy(&evtnamedata, trigname);
+   values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(&evtnamedata);
+   namestrcpy(&evteventdata, eventname);
+   values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(&evteventdata);
    values[Anum_pg_event_trigger_evtowner - 1] = ObjectIdGetDatum(evtOwner);
    values[Anum_pg_event_trigger_evtfoid - 1] = ObjectIdGetDatum(funcoid);
    values[Anum_pg_event_trigger_evtenabled - 1] =
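Review bot: The context comment `/* Build the new pg_trigger tuple. */` names the wrong catalog, since every index below it is an `Anum_pg_event_trigger_*` constant, and the `values`/`nulls` arrays declared in the previous hunk are likewise sized with `Natts_pg_trigger`. Those arrays stay in bounds only as long as pg_trigger has at least as many columns as pg_event_trigger; tying them to the catalog actually being written removes that dependency. I would change the declarations to `Datum values[Natts_pg_event_trigger];` and `bool nulls[Natts_pg_event_trigger];` and the comment to `/* Build the new pg_event_trigger tuple. */`. The function body and the statement on the last line continue outside this hunk.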