diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2013-11-23 07:25:37 -0500 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2013-11-23 07:25:37 -0500 |
| commit | 4053189d594a5eb1949bba26766fdb0de837e255 (patch) | |
| tree | 847f7c964a804bbcbb0b0dbe15b1cbdd65b541c1 /src/backend/parser/parse_node.c | |
| parent | f19e92ed040c2afba2333f0ce547848f4dc4ec21 (diff) | |
| download | postgresql-4053189d594a5eb1949bba26766fdb0de837e255.tar.gz postgresql-4053189d594a5eb1949bba26766fdb0de837e255.zip | |
Avoid potential buffer overflow crash
A pointer to a C string was treated as a pointer to a "name" datum and
passed to SPI_execute_plan(). This pointer would then end up being
passed through datumCopy(), which would try to copy the entire 64 bytes
of name data, thus running past the end of the C string. Fix by
converting the string to a proper name structure.
Found by LLVM AddressSanitizer.
Diffstat (limited to 'src/backend/parser/parse_node.c')
0 files changed, 0 insertions, 0 deletions