From ff53890f687c7f6b2a10db6661e9c32faf832636 Mon Sep 17 00:00:00 2001
From: Noah Misch <noah@leadboat.com>
Date: Wed, 12 Jun 2013 19:49:50 -0400
Subject: [PATCH] Don't use ordinary NULL-terminated strings as Name datums.

Consumers are entitled to read the full 64 bytes pertaining to a Name;
using a shorter NULL-terminated string leads to reading beyond the end
its allocation; a SIGSEGV is possible.  Use the frequent idiom of
copying to a NameData on the stack.  New in 9.3, so no back-patch.
---
 src/backend/commands/alter.c         | 4 +++-
 src/backend/commands/event_trigger.c | 8 ++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/backend/commands/alter.c b/src/backend/commands/alter.c
index 178c97949dc..bb6c1a46606 100644
--- a/src/backend/commands/alter.c
+++ b/src/backend/commands/alter.c
@@ -168,6 +168,7 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
 	Datum	   *values;
 	bool	   *nulls;
 	bool	   *replaces;
+	NameData	nameattrdata;
 
 	oldtup = SearchSysCache1(oidCacheId, ObjectIdGetDatum(objectId));
 	if (!HeapTupleIsValid(oldtup))
@@ -273,7 +274,8 @@ AlterObjectRename_internal(Relation rel, Oid objectId, const char *new_name)
 	values = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(Datum));
 	nulls = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
 	replaces = palloc0(RelationGetNumberOfAttributes(rel) * sizeof(bool));
-	values[Anum_name - 1] = PointerGetDatum(new_name);
+	namestrcpy(&nameattrdata, new_name);
+	values[Anum_name - 1] = NameGetDatum(&nameattrdata);
 	replaces[Anum_name - 1] = true;
 	newtup = heap_modify_tuple(oldtup, RelationGetDescr(rel),
 							   values, nulls, replaces);
diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c
index a0f97e460e6..328e2a89524 100644
--- a/src/backend/commands/event_trigger.c
+++ b/src/backend/commands/event_trigger.c
@@ -302,6 +302,8 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
 	HeapTuple	tuple;
 	Datum		values[Natts_pg_trigger];
 	bool		nulls[Natts_pg_trigger];
+	NameData	evtnamedata,
+				evteventdata;
 	ObjectAddress myself,
 				referenced;
 
@@ -310,8 +312,10 @@ insert_event_trigger_tuple(char *trigname, char *eventname, Oid evtOwner,
 
 	/* Build the new pg_trigger tuple. */
 	memset(nulls, false, sizeof(nulls));
-	values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(trigname);
-	values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(eventname);
+	namestrcpy(&evtnamedata, trigname);
+	values[Anum_pg_event_trigger_evtname - 1] = NameGetDatum(&evtnamedata);
+	namestrcpy(&evteventdata, eventname);
+	values[Anum_pg_event_trigger_evtevent - 1] = NameGetDatum(&evteventdata);
 	values[Anum_pg_event_trigger_evtowner - 1] = ObjectIdGetDatum(evtOwner);
 	values[Anum_pg_event_trigger_evtfoid - 1] = ObjectIdGetDatum(funcoid);
 	values[Anum_pg_event_trigger_evtenabled - 1] =
-- 
GitLab