NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit2e70d6b

committed

Teach libpq to detect integer overflow in the row count of a PGresult.

Adding more than 1 billion rows to a PGresult would overflow its ntups andtupArrSize fields, leading to client crashes. It'd be desirable to usewider fields on 64-bit machines, but because all of libpq's external APIsuse plain "int" for row counters, that's going to be hard to accomplishwithout an ABI break. Given the lack of complaints so far, and the generalpain that would be involved in using such huge PGresults, let's settle forjust preventing the overflow and reporting a useful error message if itdoes happen. Also, for a couple more lines of code we can increase thethreshold of trouble from INT_MAX/2 to INT_MAX rows.To do that, refactor pqAddTuple() to allow returning an error message thatreplaces the default assumption that it failed because of out-of-memory.Along the way, fix PQsetvalue() so that it reports all failures viapqInternalNotice(). It already did so in the case of bad field number,but neglected to report anything for other error causes.Because of the potential for crashes, this seems like a back-patchablebug fix, despite the lack of field reports.Michael Paquier, per a complaint from Igor Korot.Discussion:https://postgr.es/m/CA+FnnTxyLWyjY1goewmJNxC==HQCCF4fKkoCTa9qR36oRAHDPw@mail.gmail.com

1 parentbf11e7e commit2e70d6bCopy full SHA for 2e70d6b

File tree

1 file changed

+60

-9

lines changed

src/interfaces/libpq
- fe-exec.c

1 file changed

+60

-9

lines changed

`‎src/interfaces/libpq/fe-exec.c`

Lines changed: 60 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@`
`16`	`16`
`17`	`17`	`#include<ctype.h>`
`18`	`18`	`#include<fcntl.h>`
	`19`	`+#include<limits.h>`
`19`	`20`
`20`	`21`	`#include"libpq-fe.h"`
`21`	`22`	`#include"libpq-int.h"`
`@@ -51,7 +52,8 @@ static bool static_std_strings = false;`
`51`	`52`
`52`	`53`
`53`	`54`	`staticPGEventdupEvents(PGEventevents,intcount);`
`54`		`-staticboolpqAddTuple(PGresultres,PGresAttValuetup);`
	`55`	`+staticboolpqAddTuple(PGresultres,PGresAttValuetup,`
	`56`	`+constchar**errmsgp);`
`55`	`57`	`staticboolPQsendQueryStart(PGconn*conn);`
`56`	`58`	`staticintPQsendQueryGuts(PGconn*conn,`
`57`	`59`	`constchar*command,`
`@@ -416,18 +418,26 @@ dupEvents(PGEvent *events, int count)`
`416`	`418`	`* equal to PQntuples(res). If it is equal, a new tuple is created and`
`417`	`419`	`* added to the result.`
`418`	`420`	`* Returns a non-zero value for success and zero for failure.`
	`421`	`+ * (On failure, we report the specific problem via pqInternalNotice.)`
`419`	`422`	`*/`
`420`	`423`	`int`
`421`	`424`	`PQsetvalue(PGresultres,inttup_num,intfield_num,charvalue,intlen)`
`422`	`425`	`{`
`423`	`426`	`PGresAttValue*attval;`
	`427`	`+constchar*errmsg=NULL;`
`424`	`428`
	`429`	`+/* Note that this check also protects us against null "res" */`
`425`	`430`	`if (!check_field_number(res,field_num))`
`426`	`431`	`return FALSE;`
`427`	`432`
`428`	`433`	`/* Invalid tup_num, must be <= ntups */`
`429`	`434`	`if (tup_num<0\|\|tup_num>res->ntups)`
	`435`	`+{`
	`436`	`+pqInternalNotice(&res->noticeHooks,`
	`437`	`+"row number %d is out of range 0..%d",`
	`438`	`+tup_num,res->ntups);`
`430`	`439`	`return FALSE;`
	`440`	`+}`
`431`	`441`
`432`	`442`	`/* need to allocate a new tuple? */`
`433`	`443`	`if (tup_num==res->ntups)`
`@@ -440,7 +450,7 @@ PQsetvalue(PGresult res, int tup_num, int field_num, char value, int len)`
`440`	`450`	`TRUE);`
`441`	`451`
`442`	`452`	`if (!tup)`
`443`		`-return FALSE;`
	`453`	`+gotofail;`
`444`	`454`
`445`	`455`	`/* initialize each column to NULL */`
`446`	`456`	`for (i=0;i<res->numAttributes;i++)`
`@@ -450,8 +460,8 @@ PQsetvalue(PGresult res, int tup_num, int field_num, char value, int len)`
`450`	`460`	`}`
`451`	`461`
`452`	`462`	`/* add it to the array */`
`453`		`-if (!pqAddTuple(res,tup))`
`454`		`-return FALSE;`
	`463`	`+if (!pqAddTuple(res,tup,&errmsg))`
	`464`	`+gotofail;`
`455`	`465`	`}`
`456`	`466`
`457`	`467`	`attval=&res->tuples[tup_num][field_num];`
`@@ -471,13 +481,24 @@ PQsetvalue(PGresult res, int tup_num, int field_num, char value, int len)`
`471`	`481`	`{`
`472`	`482`	`attval->value= (char*)pqResultAlloc(res,len+1, TRUE);`
`473`	`483`	`if (!attval->value)`
`474`		`-return FALSE;`
	`484`	`+gotofail;`
`475`	`485`	`attval->len=len;`
`476`	`486`	`memcpy(attval->value,value,len);`
`477`	`487`	`attval->value[len]='\0';`
`478`	`488`	`}`
`479`	`489`
`480`	`490`	`return TRUE;`
	`491`	`+`
	`492`	`+/*`
	`493`	`+ * Report failure via pqInternalNotice. If preceding code didn't provide`
	`494`	`+ * an error message, assume "out of memory" was meant.`
	`495`	`+ */`
	`496`	`+fail:`
	`497`	`+if (!errmsg)`
	`498`	`+errmsg=libpq_gettext("out of memory");`
	`499`	`+pqInternalNotice(&res->noticeHooks,"%s",errmsg);`
	`500`	`+`
	`501`	`+return FALSE;`
`481`	`502`	`}`
`482`	`503`
`483`	`504`	`/*`
`@@ -847,10 +868,13 @@ pqInternalNotice(const PGNoticeHooks hooks, const char fmt,...)`
`847`	`868`	`/*`
`848`	`869`	`* pqAddTuple`
`849`	`870`	`* add a row pointer to the PGresult structure, growing it if necessary`
`850`		`- * Returns TRUE if OK, FALSE if not enough memory to add the row`
	`871`	`+ * Returns TRUE if OK, FALSE if an error prevented adding the row`
	`872`	`+ *`
	`873`	`+ * On error, *errmsgp can be set to an error string to be returned.`
	`874`	`+ * If it is left NULL, the error is presumed to be "out of memory".`
`851`	`875`	`*/`
`852`	`876`	`staticbool`
`853`		`-pqAddTuple(PGresultres,PGresAttValuetup)`
	`877`	`+pqAddTuple(PGresultres,PGresAttValuetup,constchar**errmsgp)`
`854`	`878`	`{`
`855`	`879`	`if (res->ntups >=res->tupArrSize)`
`856`	`880`	`{`
`@@ -865,9 +889,36 @@ pqAddTuple(PGresult res, PGresAttValue tup)`
`865`	`889`	`* existing allocation. Note that the positions beyond res->ntups are`
`866`	`890`	`* garbage, not necessarily NULL.`
`867`	`891`	`*/`
`868`		`-intnewSize= (res->tupArrSize>0) ?res->tupArrSize*2 :128;`
	`892`	`+intnewSize;`
`869`	`893`	`PGresAttValue**newTuples;`
`870`	`894`
	`895`	`+/*`
	`896`	`+ * Since we use integers for row numbers, we can't support more than`
	`897`	`+ * INT_MAX rows. Make sure we allow that many, though.`
	`898`	`+ */`
	`899`	`+if (res->tupArrSize <=INT_MAX /2)`
	`900`	`+newSize= (res->tupArrSize>0) ?res->tupArrSize*2 :128;`
	`901`	`+elseif (res->tupArrSize<INT_MAX)`
	`902`	`+newSize=INT_MAX;`
	`903`	`+else`
	`904`	`+{`
	`905`	`+*errmsgp=libpq_gettext("PGresult cannot support more than INT_MAX tuples");`
	`906`	`+return FALSE;`
	`907`	`+}`
	`908`	`+`
	`909`	`+/*`
	`910`	`+ * Also, on 32-bit platforms we could, in theory, overflow size_t even`
	`911`	`+ * before newSize gets to INT_MAX. (In practice we'd doubtless hit`
	`912`	`+ * OOM long before that, but let's check.)`
	`913`	`+ */`
	`914`	`+#ifINT_MAX >= (SIZE_MAX /2)`
	`915`	`+if (newSize>SIZE_MAX /sizeof(PGresAttValue*))`
	`916`	`+{`
	`917`	`+*errmsgp=libpq_gettext("size_t overflow");`
	`918`	`+return FALSE;`
	`919`	`+}`
	`920`	`+#endif`
	`921`	`+`
`871`	`922`	`if (res->tuples==NULL)`
`872`	`923`	`newTuples= (PGresAttValue**)`
`873`	`924`	`malloc(newSizesizeof(PGresAttValue));`
`@@ -1093,7 +1144,7 @@ pqRowProcessor(PGconn conn, const char *errmsgp)`
`1093`	`1144`	`}`
`1094`	`1145`
`1095`	`1146`	`/* And add the tuple to the PGresult's tuple array */`
`1096`		`-if (!pqAddTuple(res,tup))`
	`1147`	`+if (!pqAddTuple(res,tup,errmsgp))`
`1097`	`1148`	`gotofail;`
`1098`	`1149`
`1099`	`1150`	`/*`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2e70d6b

File tree

1 file changed

1 file changed

`‎src/interfaces/libpq/fe-exec.c`

0 commit comments