NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit4ca7a2d

committed

Make replace(), split_part(), and string_to_array() behave somewhat sanely

when handed an invalidly-encoded pattern. The previous coding could getinto an infinite loop if pg_mb2wchar_with_len() returned a zero-lengthstring after we'd tested for nonempty pattern; which is exactly what itwill do if the string consists only of an incomplete multibyte character.This led to either an out-of-memory error or a backend crash dependingon platform. Per report from Wiktor Wodecki.

1 parent0e5b4f0 commit4ca7a2dCopy full SHA for 4ca7a2d

File tree

1 file changed

+53

-14

lines changed

src/backend/utils/adt
- varlena.c

1 file changed

+53

-14

lines changed

`‎src/backend/utils/adt/varlena.c`

Lines changed: 53 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/utils/adt/varlena.c,v 1.156 2007/04/06 04:21:43 tgl Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/utils/adt/varlena.c,v 1.157 2007/07/19 20:34:20 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -2111,8 +2111,8 @@ replace_text(PG_FUNCTION_ARGS)`
`2111`	`2111`	`text*src_text=PG_GETARG_TEXT_P(0);`
`2112`	`2112`	`text*from_sub_text=PG_GETARG_TEXT_P(1);`
`2113`	`2113`	`text*to_sub_text=PG_GETARG_TEXT_P(2);`
`2114`		`-intsrc_text_len=TEXTLEN(src_text);`
`2115`		`-intfrom_sub_text_len=TEXTLEN(from_sub_text);`
	`2114`	`+intsrc_text_len;`
	`2115`	`+intfrom_sub_text_len;`
`2116`	`2116`	`TextPositionStatestate;`
`2117`	`2117`	`text*ret_text;`
`2118`	`2118`	`intstart_posn;`
`@@ -2121,11 +2121,22 @@ replace_text(PG_FUNCTION_ARGS)`
`2121`	`2121`	`char*start_ptr;`
`2122`	`2122`	`StringInfoDatastr;`
`2123`	`2123`
`2124`		`-if (src_text_len==0\|\|from_sub_text_len==0)`
`2125`		`-PG_RETURN_TEXT_P(src_text);`
`2126`		`-`
`2127`	`2124`	`text_position_setup(src_text,from_sub_text,&state);`
`2128`	`2125`
	`2126`	`+/*`
	`2127`	`+ * Note: we check the converted string length, not the original, because`
	`2128`	`+ * they could be different if the input contained invalid encoding.`
	`2129`	`+ */`
	`2130`	`+src_text_len=state.len1;`
	`2131`	`+from_sub_text_len=state.len2;`
	`2132`	`+`
	`2133`	`+/* Return unmodified source string if empty source or pattern */`
	`2134`	`+if (src_text_len<1\|\|from_sub_text_len<1)`
	`2135`	`+{`
	`2136`	`+text_position_cleanup(&state);`
	`2137`	`+PG_RETURN_TEXT_P(src_text);`
	`2138`	`+}`
	`2139`	`+`
`2129`	`2140`	`start_posn=1;`
`2130`	`2141`	`curr_posn=text_position_next(1,&state);`
`2131`	`2142`
`@@ -2143,6 +2154,8 @@ replace_text(PG_FUNCTION_ARGS)`
`2143`	`2154`
`2144`	`2155`	`do`
`2145`	`2156`	`{`
	`2157`	`+CHECK_FOR_INTERRUPTS();`
	`2158`	`+`
`2146`	`2159`	`/* copy the data skipped over by last text_position_next() */`
`2147`	`2160`	`chunk_len=charlen_to_bytelen(start_ptr,curr_posn-start_posn);`
`2148`	`2161`	`appendBinaryStringInfo(&str,start_ptr,chunk_len);`
`@@ -2449,8 +2462,8 @@ split_text(PG_FUNCTION_ARGS)`
`2449`	`2462`	`text*inputstring=PG_GETARG_TEXT_P(0);`
`2450`	`2463`	`text*fldsep=PG_GETARG_TEXT_P(1);`
`2451`	`2464`	`intfldnum=PG_GETARG_INT32(2);`
`2452`		`-intinputstring_len=TEXTLEN(inputstring);`
`2453`		`-intfldsep_len=TEXTLEN(fldsep);`
	`2465`	`+intinputstring_len;`
	`2466`	`+intfldsep_len;`
`2454`	`2467`	`TextPositionStatestate;`
`2455`	`2468`	`intstart_posn;`
`2456`	`2469`	`intend_posn;`
`@@ -2462,22 +2475,33 @@ split_text(PG_FUNCTION_ARGS)`
`2462`	`2475`	`(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
`2463`	`2476`	`errmsg("field position must be greater than zero")));`
`2464`	`2477`
	`2478`	`+text_position_setup(inputstring,fldsep,&state);`
	`2479`	`+`
	`2480`	`+/*`
	`2481`	`+ * Note: we check the converted string length, not the original, because`
	`2482`	`+ * they could be different if the input contained invalid encoding.`
	`2483`	`+ */`
	`2484`	`+inputstring_len=state.len1;`
	`2485`	`+fldsep_len=state.len2;`
	`2486`	`+`
`2465`	`2487`	`/* return empty string for empty input string */`
`2466`	`2488`	`if (inputstring_len<1)`
	`2489`	`+{`
	`2490`	`+text_position_cleanup(&state);`
`2467`	`2491`	`PG_RETURN_TEXT_P(PG_STR_GET_TEXT(""));`
	`2492`	`+}`
`2468`	`2493`
`2469`	`2494`	`/* empty field separator */`
`2470`	`2495`	`if (fldsep_len<1)`
`2471`	`2496`	`{`
	`2497`	`+text_position_cleanup(&state);`
`2472`	`2498`	`/* if first field, return input string, else empty string */`
`2473`	`2499`	`if (fldnum==1)`
`2474`	`2500`	`PG_RETURN_TEXT_P(inputstring);`
`2475`	`2501`	`else`
`2476`	`2502`	`PG_RETURN_TEXT_P(PG_STR_GET_TEXT(""));`
`2477`	`2503`	`}`
`2478`	`2504`
`2479`		`-text_position_setup(inputstring,fldsep,&state);`
`2480`		`-`
`2481`	`2505`	`/* identify bounds of first field */`
`2482`	`2506`	`start_posn=1;`
`2483`	`2507`	`end_posn=text_position_next(1,&state);`
`@@ -2537,8 +2561,8 @@ text_to_array(PG_FUNCTION_ARGS)`
`2537`	`2561`	`{`
`2538`	`2562`	`text*inputstring=PG_GETARG_TEXT_P(0);`
`2539`	`2563`	`text*fldsep=PG_GETARG_TEXT_P(1);`
`2540`		`-intinputstring_len=TEXTLEN(inputstring);`
`2541`		`-intfldsep_len=TEXTLEN(fldsep);`
	`2564`	`+intinputstring_len;`
	`2565`	`+intfldsep_len;`
`2542`	`2566`	`TextPositionStatestate;`
`2543`	`2567`	`intfldnum;`
`2544`	`2568`	`intstart_posn;`
`@@ -2548,26 +2572,41 @@ text_to_array(PG_FUNCTION_ARGS)`
`2548`	`2572`	`text*result_text;`
`2549`	`2573`	`ArrayBuildState*astate=NULL;`
`2550`	`2574`
	`2575`	`+text_position_setup(inputstring,fldsep,&state);`
	`2576`	`+`
	`2577`	`+/*`
	`2578`	`+ * Note: we check the converted string length, not the original, because`
	`2579`	`+ * they could be different if the input contained invalid encoding.`
	`2580`	`+ */`
	`2581`	`+inputstring_len=state.len1;`
	`2582`	`+fldsep_len=state.len2;`
	`2583`	`+`
`2551`	`2584`	`/* return NULL for empty input string */`
`2552`	`2585`	`if (inputstring_len<1)`
	`2586`	`+{`
	`2587`	`+text_position_cleanup(&state);`
`2553`	`2588`	`PG_RETURN_NULL();`
	`2589`	`+}`
`2554`	`2590`
`2555`	`2591`	`/*`
`2556`	`2592`	`* empty field separator return one element, 1D, array using the input`
`2557`	`2593`	`* string`
`2558`	`2594`	`*/`
`2559`	`2595`	`if (fldsep_len<1)`
	`2596`	`+{`
	`2597`	`+text_position_cleanup(&state);`
`2560`	`2598`	`PG_RETURN_ARRAYTYPE_P(create_singleton_array(fcinfo,TEXTOID,`
`2561`	`2599`	`PointerGetDatum(inputstring),1));`
`2562`		`-`
`2563`		`-text_position_setup(inputstring,fldsep,&state);`
	`2600`	`+}`
`2564`	`2601`
`2565`	`2602`	`start_posn=1;`
`2566`	`2603`	`/* start_ptr points to the start_posn'th character of inputstring */`
`2567`	`2604`	`start_ptr= (char*)VARDATA(inputstring);`
`2568`	`2605`
`2569`	`2606`	`for (fldnum=1;;fldnum++)/* field number is 1 based */`
`2570`	`2607`	`{`
	`2608`	`+CHECK_FOR_INTERRUPTS();`
	`2609`	`+`
`2571`	`2610`	`end_posn=text_position_next(start_posn,&state);`
`2572`	`2611`
`2573`	`2612`	`if (end_posn==0)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4ca7a2d

File tree

1 file changed

1 file changed

`‎src/backend/utils/adt/varlena.c`

0 commit comments