Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit30cb128

Browse files
committed
Prevent stack overflow in container-type functions.
A range type can name another range type as its subtype, and a recordtype can bear a column of another record type. Consequently, functionslike range_cmp() and record_recv() are recursive. Functions at riskinclude operator family members and referents of pg_type regproccolumns. Treat as recursive any such function that looks up and callsthe same-purpose function for a record column type or the range subtype.Back-patch to 9.0 (all supported versions).An array type's element type is never itself an array type, so arrayfunctions are unaffected. Recursion depth proportional to arraydimensionality, found in array_dim_to_jsonb(), is fine thanks to MAXDIM.
1 parent08fa47c commit30cb128

File tree

2 files changed

+26
-0
lines changed

2 files changed

+26
-0
lines changed

‎src/backend/utils/adt/rangetypes.c

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@
3333
#include"access/hash.h"
3434
#include"lib/stringinfo.h"
3535
#include"libpq/pqformat.h"
36+
#include"miscadmin.h"
3637
#include"utils/builtins.h"
3738
#include"utils/date.h"
3839
#include"utils/int8.h"
@@ -89,6 +90,8 @@ range_in(PG_FUNCTION_ARGS)
8990
RangeBoundlower;
9091
RangeBoundupper;
9192

93+
check_stack_depth();/* recurses when subtype is a range type */
94+
9295
cache=get_range_io_data(fcinfo,rngtypoid,IOFunc_input);
9396

9497
/* parse */
@@ -128,6 +131,8 @@ range_out(PG_FUNCTION_ARGS)
128131
RangeBoundupper;
129132
boolempty;
130133

134+
check_stack_depth();/* recurses when subtype is a range type */
135+
131136
cache=get_range_io_data(fcinfo,RangeTypeGetOid(range),IOFunc_output);
132137

133138
/* deserialize */
@@ -165,6 +170,8 @@ range_recv(PG_FUNCTION_ARGS)
165170
RangeBoundlower;
166171
RangeBoundupper;
167172

173+
check_stack_depth();/* recurses when subtype is a range type */
174+
168175
cache=get_range_io_data(fcinfo,rngtypoid,IOFunc_receive);
169176

170177
/* receive the flags... */
@@ -245,6 +252,8 @@ range_send(PG_FUNCTION_ARGS)
245252
RangeBoundupper;
246253
boolempty;
247254

255+
check_stack_depth();/* recurses when subtype is a range type */
256+
248257
cache=get_range_io_data(fcinfo,RangeTypeGetOid(range),IOFunc_send);
249258

250259
/* deserialize */
@@ -1142,6 +1151,8 @@ range_cmp(PG_FUNCTION_ARGS)
11421151
empty2;
11431152
intcmp;
11441153

1154+
check_stack_depth();/* recurses when subtype is a range type */
1155+
11451156
/* Different types should be prevented by ANYRANGE matching rules */
11461157
if (RangeTypeGetOid(r1)!=RangeTypeGetOid(r2))
11471158
elog(ERROR,"range types do not match");
@@ -1221,6 +1232,8 @@ hash_range(PG_FUNCTION_ARGS)
12211232
uint32lower_hash;
12221233
uint32upper_hash;
12231234

1235+
check_stack_depth();/* recurses when subtype is a range type */
1236+
12241237
typcache=range_get_typcache(fcinfo,RangeTypeGetOid(r));
12251238

12261239
/* deserialize */

‎src/backend/utils/adt/rowtypes.c

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
#include"catalog/pg_type.h"
2222
#include"funcapi.h"
2323
#include"libpq/pqformat.h"
24+
#include"miscadmin.h"
2425
#include"utils/builtins.h"
2526
#include"utils/lsyscache.h"
2627
#include"utils/typcache.h"
@@ -86,6 +87,8 @@ record_in(PG_FUNCTION_ARGS)
8687
bool*nulls;
8788
StringInfoDatabuf;
8889

90+
check_stack_depth();/* recurses for record-type columns */
91+
8992
/*
9093
* Give a friendly error message if we did not get enough info to identify
9194
* the target record type. (lookup_rowtype_tupdesc would fail anyway, but
@@ -309,6 +312,8 @@ record_out(PG_FUNCTION_ARGS)
309312
bool*nulls;
310313
StringInfoDatabuf;
311314

315+
check_stack_depth();/* recurses for record-type columns */
316+
312317
/* Extract type info from the tuple itself */
313318
tupType=HeapTupleHeaderGetTypeId(rec);
314319
tupTypmod=HeapTupleHeaderGetTypMod(rec);
@@ -458,6 +463,8 @@ record_recv(PG_FUNCTION_ARGS)
458463
Datum*values;
459464
bool*nulls;
460465

466+
check_stack_depth();/* recurses for record-type columns */
467+
461468
/*
462469
* Give a friendly error message if we did not get enough info to identify
463470
* the target record type. (lookup_rowtype_tupdesc would fail anyway, but
@@ -650,6 +657,8 @@ record_send(PG_FUNCTION_ARGS)
650657
bool*nulls;
651658
StringInfoDatabuf;
652659

660+
check_stack_depth();/* recurses for record-type columns */
661+
653662
/* Extract type info from the tuple itself */
654663
tupType=HeapTupleHeaderGetTypeId(rec);
655664
tupTypmod=HeapTupleHeaderGetTypMod(rec);
@@ -793,6 +802,8 @@ record_cmp(FunctionCallInfo fcinfo)
793802
inti2;
794803
intj;
795804

805+
check_stack_depth();/* recurses for record-type columns */
806+
796807
/* Extract type info from the tuples */
797808
tupType1=HeapTupleHeaderGetTypeId(record1);
798809
tupTypmod1=HeapTupleHeaderGetTypMod(record1);
@@ -1029,6 +1040,8 @@ record_eq(PG_FUNCTION_ARGS)
10291040
inti2;
10301041
intj;
10311042

1043+
check_stack_depth();/* recurses for record-type columns */
1044+
10321045
/* Extract type info from the tuples */
10331046
tupType1=HeapTupleHeaderGetTypeId(record1);
10341047
tupTypmod1=HeapTupleHeaderGetTypMod(record1);

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp