When using C-string lookup keys in a dynahash.c hash table, use strncpy()

not memcpy() to copy the offered key into the hash table during HASH_ENTER. This avoids possible core dump if the passed key is located very near the end of memory. Per report from Stefan Kaltenbrunner.
2025-08-31 17:02:12 +03:00 · 2005-06-18 20:51:59 +00:00
parent 2b6dd51a5f
commit 41d28499a2
2 changed files with 13 additions and 3 deletions
--- a/src/backend/utils/hash/dynahash.c
+++ b/src/backend/utils/hash/dynahash.c
@@ -9,7 +9,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/hash/dynahash.c,v 1.48 2003/08/19 01:13:41 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/hash/dynahash.c,v 1.48.2.1 2005/06/18 20:51:59 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -144,6 +144,14 @@ hash_create(const char *tabname, long nelem, HASHCTL *info, int flags)
 	else
 		hashp->match = memcmp;

+	/*
+	 * Similarly, the key-copying function defaults to strncpy() or memcpy().
+	 */
+	if (hashp->hash == string_hash)
+		hashp->keycopy = (HashCopyFunc) strncpy;
+	else
+		hashp->keycopy = memcpy;
+
 	if (flags & HASH_SHARED_MEM)
 	{
 		/*
@@ -644,7 +652,7 @@ hash_search(HTAB *hashp,

 			/* copy key into record */
 			currBucket->hashvalue = hashvalue;
-			memcpy(ELEMENTKEY(currBucket), keyPtr, hctl->keysize);
+			hashp->keycopy(ELEMENTKEY(currBucket), keyPtr, hctl->keysize);

 			/* caller is expected to fill the data field on return */