Use StrNCpy not strncpy to fill hash key, to ensure the resulting key

is null-terminated. I think this is not a real bug because the parser would always have truncated the identifier to NAMEDATALEN-1 already, but let's be safe. Per report from Klocwork.
2004-12-03 21:26:52 +00:00 · 2004-12-03 21:26:52 +00:00 · de68155298
commit de68155298
parent 8d424b3217
1 changed files with 3 additions and 5 deletions
--- a/src/backend/commands/prepare.c
+++ b/src/backend/commands/prepare.c
@ -10,7 +10,7 @@
 * Copyright (c) 2002-2003, PostgreSQL Global Development Group
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/prepare.c,v 1.23 2003/08/08 21:41:32 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/prepare.c,v 1.23.4.1 2004/12/03 21:26:52 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -297,8 +297,7 @@ StorePreparedStatement(const char *stmt_name,
 	/* Check for pre-existing entry of same name */
 	/* See notes in FetchPreparedStatement */
-	MemSet(key, 0, sizeof(key));
+	StrNCpy(key, stmt_name, sizeof(key));
 	strncpy(key, stmt_name, sizeof(key));
 	hash_search(prepared_queries, key, HASH_FIND, &found);
@ -371,8 +370,7 @@ FetchPreparedStatement(const char *stmt_name, bool throwError)
 		 * the hash package is picky enough that it needs to be
 		 * NULL-padded out to the appropriate length to work correctly.
 		 */
-		MemSet(key, 0, sizeof(key));
+		StrNCpy(key, stmt_name, sizeof(key));
 		strncpy(key, stmt_name, sizeof(key));
 		entry = (PreparedStatement *) hash_search(prepared_queries,
 												  key,