Don't use ordinary NULL-terminated strings as Name datums.

Consumers are entitled to read the full 64 bytes pertaining to a Name;
using a shorter NULL-terminated string leads to reading beyond the end
its allocation; a SIGSEGV is possible.  Use the frequent idiom of
copying to a NameData on the stack.  New in 9.3, so no back-patch.

diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c
index 178c97949dce209c4c6ef3d4560432c5ac3f539e..bb6c1a46606cb2c7c3cdf1c9dc0e9241660d3dab 100644 (file)
--- a/src/backend/commands/alter.c
+++ b/src/backend/commands/alter.c
@@ -168,6 +168,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
        Datum      *values;
        bool       *nulls;
        bool       *replaces;
+       NameData        nameattrdata;
 
        oldtup = SearchSysCache1(oidCacheId, ObjectIdGetDatum(objectId));
        if (!HeapTupleIsValid(oldtup))
@@ -273,7 +274,8 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
        values = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(Datum));
        nulls = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
        replaces = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
-       values[Anum_name - 1] = PointerGetDatum(new_name);
+       namestrcpy(&nameattrdata, new_name);
+       values[Anum_name - 1] = NameGetDatum(&nameattrdata);
        replaces[Anum_name - 1] = true;
        newtup = heap_modify_tuple(oldtup, RelationGetDescr(rel),
                                                           values, nulls, replaces);

diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c
index a0f97e460e61d52c5e117615e6a8b4b2edda1a13..328e2a89524ce6da22d5fd6e647ba1a3a82ec8bd 100644 (file)
--- a/src/backend/commands/event_trigger.c
+++ b/src/backend/commands/event_trigger.c
@@ -302,6 +302,8 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
        HeapTuple       tuple;
        Datum           values[Natts_pg_trigger];
        bool            nulls[Natts_pg_trigger];
+       NameData        evtnamedata,
+                               evteventdata;
        ObjectAddress myself,
                                referenced;
 
@@ -310,8 +312,10 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
 
        /* Build the new pg_trigger tuple. */
        memset(nulls, false, sizeof(nulls));
-       values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(trigname);
-       values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(eventname);
+       namestrcpy(&evtnamedata, trigname);
+       values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(&evtnamedata);
+       namestrcpy(&evteventdata, eventname);
+       values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(&evteventdata);
        values[Anum_pg_event_trigger_evtowner - 1] = ObjectIdGetDatum(evtOwner);
        values[Anum_pg_event_trigger_evtfoid - 1] = ObjectIdGetDatum(funcoid);
        values[Anum_pg_event_trigger_evtenabled - 1] =