Commit793704d

Jan Wieck

authored and

Jan Wieck

committed

Some security checks that we've found an external value completely

when fetching toasted values.Jan

1 parentf3e5d86 commit793704dCopy full SHA for 793704d

File tree

1 file changed

+34

-2

lines changed

src/backend/access/heap
- tuptoaster.c

1 file changed

+34

-2

lines changed

`‎src/backend/access/heap/tuptoaster.c`

Lines changed: 34 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/backend/access/heap/tuptoaster.c,v 1.6 2000/07/06 18:22:45 wieck Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/backend/access/heap/tuptoaster.c,v 1.7 2000/07/11 12:32:03 wieck Exp $`
`12`	`12`	`*`
`13`	`13`	`*`
`14`	`14`	`* INTERFACE ROUTINES`
`@@ -929,9 +929,17 @@ toast_fetch_datum(varattrib *attr)`
`929`	`929`	`Datumchunk;`
`930`	`930`	`boolisnull;`
`931`	`931`
	`932`	`+char*chunks_found;`
	`933`	`+char*chunks_expected;`
	`934`	`+`
`932`	`935`	`ressize=attr->va_content.va_external.va_extsize;`
`933`	`936`	`numchunks= (ressize /TOAST_MAX_CHUNK_SIZE)+1;`
`934`	`937`
	`938`	`+chunks_found=palloc(numchunks);`
	`939`	`+chunks_expected=palloc(numchunks);`
	`940`	`+memset(chunks_found,0,numchunks);`
	`941`	`+memset(chunks_expected,1,numchunks);`
	`942`	`+`
`935`	`943`	`result= (varattrib*)palloc(ressize+VARHDRSZ);`
`936`	`944`	`VARATT_SIZEP(result)=ressize+VARHDRSZ;`
`937`	`945`	`if (VARATT_IS_COMPRESSED(attr))`
`@@ -971,7 +979,7 @@ toast_fetch_datum(varattrib *attr)`
`971`	`979`	`heap_fetch(toastrel,SnapshotAny,&toasttup,&buffer);`
`972`	`980`	`pfree(indexRes);`
`973`	`981`
`974`		`-if (!toasttup.t_data)`
	`982`	`+if (toasttup.t_data==NULL)`
`975`	`983`	`continue;`
`976`	`984`	`ttup=&toasttup;`
`977`	`985`
`@@ -982,6 +990,20 @@ toast_fetch_datum(varattrib *attr)`
`982`	`990`	`residx= (int32)heap_getattr(ttup,2,toasttupDesc,&isnull);`
`983`	`991`	`chunk=heap_getattr(ttup,3,toasttupDesc,&isnull);`
`984`	`992`
	`993`	`+/* ----------`
	`994`	`+ * Some checks on the data we've found`
	`995`	`+ * ----------`
	`996`	`+ */`
	`997`	`+if (residx*TOAST_MAX_CHUNK_SIZE+VARATT_SIZE(chunk)-VARHDRSZ`
	`998`	`+>ressize)`
	`999`	`+elog(ERROR,"chunk data exceeds original data size for "`
	`1000`	`+"toast value %d",`
	`1001`	`+attr->va_content.va_external.va_valueid);`
	`1002`	`+if (chunks_found[residx]++>0)`
	`1003`	`+elog(ERROR,"chunk %d for toast value %d appears multiple times",`
	`1004`	`+residx,`
	`1005`	`+attr->va_content.va_external.va_valueid);`
	`1006`	`+`
`985`	`1007`	`/* ----------`
`986`	`1008`	`* Copy the data into our result`
`987`	`1009`	`* ----------`
`@@ -993,6 +1015,16 @@ toast_fetch_datum(varattrib *attr)`
`993`	`1015`	`ReleaseBuffer(buffer);`
`994`	`1016`	`}`
`995`	`1017`
	`1018`	`+/* ----------`
	`1019`	`+ * Final checks that we successfully fetched the datum`
	`1020`	`+ * ----------`
	`1021`	`+ */`
	`1022`	`+if (memcmp(chunks_found,chunks_expected,numchunks)!=0)`
	`1023`	`+elog(ERROR,"not all toast chunks found for value %d",`
	`1024`	`+attr->va_content.va_external.va_valueid);`
	`1025`	`+pfree(chunks_expected);`
	`1026`	`+pfree(chunks_found);`
	`1027`	`+`
`996`	`1028`	`/* ----------`
`997`	`1029`	`* End scan and close relations`
`998`	`1030`	`* ----------`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit793704d

File tree

1 file changed

1 file changed

`‎src/backend/access/heap/tuptoaster.c`

0 commit comments