NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitad5fe74

committed

Fix oversights in array manipulation.

The nested-arrays code path in ExecEvalArrayExpr() used palloc toallocate the result array, whereas every other array-creating functionhas used palloc0 since18c0b4e. This mostly works, but unused bitspast the end of the nulls bitmap may end up undefined. That causesvalgrind complaints with -DWRITE_READ_PARSE_PLAN_TREES, and couldcause planner misbehavior as cited in18c0b4e. There seems no verygood reason why we should strive to avoid palloc0 in just this one case,so fix it the easy way with s/palloc/palloc0/.While looking at that I noted that we also failed to check for overflowof "nbytes" and "nitems" while summing the sizes of the sub-arrays,potentially allowing a crash due to undersized output allocation.For "nbytes", follow the policy used by other array-munging code ofchecking for overflow after each addition. (As elsewhere, the lastaddition of the array's overhead space doesn't need an extra check,since palloc itself will catch a value between 1Gb and 2Gb.)For "nitems", there's no very good reason to sum the inputs at all,since we can perfectly well use ArrayGetNItems' result instead ofignoring it.Per discussion of this bug, also remove redundant zeroing of thenulls bitmap in array_set_element and array_set_slice.Patch by Alexander Lakhin and myself, per bug #17858 from AlexanderLakhin; thanks also to Richard Guo. These bugs are a dozen years old,so back-patch to all supported branches.Discussion:https://postgr.es/m/17858-8fd287fd3663d051@postgresql.org

1 parent0f2d4ad commitad5fe74Copy full SHA for ad5fe74

File tree

2 files changed

+11

-8

lines changed

src/backend
- executor
  - execExprInterp.c
- utils/adt
  - arrayfuncs.c

2 files changed

+11

-8

lines changed

`‎src/backend/executor/execExprInterp.c`

Lines changed: 9 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -2608,7 +2608,7 @@ ExecEvalArrayExpr(ExprState state, ExprEvalStep op)`
`2608`	`2608`	`{`
`2609`	`2609`	`/* Must be nested array expressions */`
`2610`	`2610`	`intnbytes=0;`
`2611`		`-intnitems=0;`
	`2611`	`+intnitems;`
`2612`	`2612`	`intouter_nelems=0;`
`2613`	`2613`	`intelem_ndims=0;`
`2614`	`2614`	`int*elem_dims=NULL;`
`@@ -2705,9 +2705,14 @@ ExecEvalArrayExpr(ExprState state, ExprEvalStep op)`
`2705`	`2705`	`subbitmaps[outer_nelems]=ARR_NULLBITMAP(array);`
`2706`	`2706`	`subbytes[outer_nelems]=ARR_SIZE(array)-ARR_DATA_OFFSET(array);`
`2707`	`2707`	`nbytes+=subbytes[outer_nelems];`
	`2708`	`+/* check for overflow of total request */`
	`2709`	`+if (!AllocSizeIsValid(nbytes))`
	`2710`	`+ereport(ERROR,`
	`2711`	`+(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),`
	`2712`	`+errmsg("array size exceeds the maximum allowed (%d)",`
	`2713`	`+(int)MaxAllocSize)));`
`2708`	`2714`	`subnitems[outer_nelems]=ArrayGetNItems(this_ndims,`
`2709`	`2715`	`ARR_DIMS(array));`
`2710`		`-nitems+=subnitems[outer_nelems];`
`2711`	`2716`	`havenulls \|=ARR_HASNULL(array);`
`2712`	`2717`	`outer_nelems++;`
`2713`	`2718`	`}`
`@@ -2741,7 +2746,7 @@ ExecEvalArrayExpr(ExprState state, ExprEvalStep op)`
`2741`	`2746`	`}`
`2742`	`2747`
`2743`	`2748`	`/* check for subscript overflow */`
`2744`		`-(void)ArrayGetNItems(ndims,dims);`
	`2749`	`+nitems=ArrayGetNItems(ndims,dims);`
`2745`	`2750`	`ArrayCheckBounds(ndims,dims,lbs);`
`2746`	`2751`
`2747`	`2752`	`if (havenulls)`
`@@ -2755,7 +2760,7 @@ ExecEvalArrayExpr(ExprState state, ExprEvalStep op)`
`2755`	`2760`	`nbytes+=ARR_OVERHEAD_NONULLS(ndims);`
`2756`	`2761`	`}`
`2757`	`2762`
`2758`		`-result= (ArrayType*)palloc(nbytes);`
	`2763`	`+result= (ArrayType*)palloc0(nbytes);`
`2759`	`2764`	`SET_VARSIZE(result,nbytes);`
`2760`	`2765`	`result->ndim=ndims;`
`2761`	`2766`	`result->dataoffset=dataoffset;`

`‎src/backend/utils/adt/arrayfuncs.c`

Lines changed: 2 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -2435,8 +2435,7 @@ array_set_element(Datum arraydatum,`
`2435`	`2435`	`{`
`2436`	`2436`	`bits8*newnullbitmap=ARR_NULLBITMAP(newarray);`
`2437`	`2437`
`2438`		`-/* Zero the bitmap to take care of marking inserted positions null */`
`2439`		`-MemSet(newnullbitmap,0, (newnitems+7) /8);`
	`2438`	`+/* palloc0 above already marked any inserted positions as nulls */`
`2440`	`2439`	`/* Fix the inserted value */`
`2441`	`2440`	`if (addedafter)`
`2442`	`2441`	`array_set_isnull(newnullbitmap,newnitems-1,isNull);`
`@@ -3048,8 +3047,7 @@ array_set_slice(Datum arraydatum,`
`3048`	`3047`	`bits8*newnullbitmap=ARR_NULLBITMAP(newarray);`
`3049`	`3048`	`bits8*oldnullbitmap=ARR_NULLBITMAP(array);`
`3050`	`3049`
`3051`		`-/* Zero the bitmap to handle marking inserted positions null */`
`3052`		`-MemSet(newnullbitmap,0, (nitems+7) /8);`
	`3050`	`+/* palloc0 above already marked any inserted positions as nulls */`
`3053`	`3051`	`array_bitmap_copy(newnullbitmap,addedbefore,`
`3054`	`3052`	`oldnullbitmap,0,`
`3055`	`3053`	`itemsbefore);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitad5fe74

File tree

2 files changed

2 files changed

`‎src/backend/executor/execExprInterp.c`

`‎src/backend/utils/adt/arrayfuncs.c`

0 commit comments