While investigating a user's complaint, I have found some memory

destructions in 6.4 source using purify.

(1) parser/gram.y:fmtId()

It writes n+3 bytes into n+1 byte-long memory area if mixed case or
non-ascii identifiers given.

(2) catalog/index.c:

ATTRIBUTE_TUPLE_SIZE bytes are allocated but
sizeof(FormData_pg_attribute) bytes are written. Note that
ATTRIBUTE_TUPLE_SIZE is smaller than
sizeof(FormData_pg_attribute). (for example, on solaris 2.6,

Tatsuo Ishii

Author: bmomjian

src/backend/catalog/index.c

@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/catalog/index.c,v 1.64 1998/11/27 19:51:49 vadim Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/catalog/index.c,v 1.65 1998/12/13 04:37:50 momjian Exp $
  *
  *
  * INTERFACE ROUTINES
@@ -649,7 +649,7 @@ AppendAttributeTuples(Relation indexRelation, int numatts)
 	value[Anum_pg_attribute_attcacheoff - 1] = Int32GetDatum(-1);
 
 	init_tuple = heap_addheader(Natts_pg_attribute,
-								sizeof *(indexRelation->rd_att->attrs[0]),
+				    ATTRIBUTE_TUPLE_SIZE,
 							 (char *) (indexRelation->rd_att->attrs[0]));
 
 	hasind = false;
@@ -689,7 +689,7 @@ AppendAttributeTuples(Relation indexRelation, int numatts)
 		 */
 		memmove(GETSTRUCT(cur_tuple),
 				(char *) indexTupDesc->attrs[i],
-				sizeof(FormData_pg_attribute));
+			        ATTRIBUTE_TUPLE_SIZE);
 
 		value[Anum_pg_attribute_attnum - 1] = Int16GetDatum(i + 1);
 

src/backend/parser/gram.y

@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.38 1998/12/04 15:34:29 thomas Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.39 1998/12/13 04:37:51 momjian Exp $
  *
  * HISTORY
  *	  AUTHOR			DATE			MAJOR EVENT
@@ -5224,7 +5224,7 @@ fmtId(char *rawid)
 		if (! (islower(*cp) || isdigit(*cp) || (*cp == '_'))) break;
 
 	if (*cp != '\0') {
-		cp = palloc(strlen(rawid)+1);
+		cp = palloc(strlen(rawid)+3);
 		strcpy(cp,"\"");
 		strcat(cp,rawid);
 		strcat(cp,"\"");