When using C-string lookup keys in a dynahash.c hash table, use strncpy()

not memcpy() to copy the offered key into the hash table during HASH_ENTER. This avoids possible core dump if the passed key is located very near the end of memory. Per report from Stefan Kaltenbrunner.
2025-09-02 04:21:28 +03:00 · 2005-06-18 20:51:30 +00:00
parent a8d1075f27
commit 6a6f2d91d4
2 changed files with 32 additions and 8 deletions
--- a/src/backend/utils/hash/dynahash.c
+++ b/src/backend/utils/hash/dynahash.c
@@ -9,7 +9,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/hash/dynahash.c,v 1.61 2005/05/29 04:23:06 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/hash/dynahash.c,v 1.62 2005/06/18 20:51:30 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -167,6 +167,16 @@ hash_create(const char *tabname, long nelem, HASHCTL *info, int flags)
 	else
 		hashp->match = memcmp;

+	/*
+	 * Similarly, the key-copying function defaults to strncpy() or memcpy().
+	 */
+	if (flags & HASH_KEYCOPY)
+		hashp->keycopy = info->keycopy;
+	else if (hashp->hash == string_hash)
+		hashp->keycopy = (HashCopyFunc) strncpy;
+	else
+		hashp->keycopy = memcpy;
+
 	if (flags & HASH_ALLOC)
 		hashp->alloc = info->alloc;
 	else
@@ -650,7 +660,7 @@ hash_search(HTAB *hashp,

 			/* copy key into record */
 			currBucket->hashvalue = hashvalue;
-			memcpy(ELEMENTKEY(currBucket), keyPtr, hctl->keysize);
+			hashp->keycopy(ELEMENTKEY(currBucket), keyPtr, keysize);

 			/* caller is expected to fill the data field on return */