Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitade1770

Browse files
committed
Check column list length in XMLTABLE/JSON_TABLE alias
We weren't checking the length of the column list in the alias clause ofan XMLTABLE or JSON_TABLE function (a "tablefunc" RTE), and it waspossible to make the server crash by passing an overly long one. Fix itby throwing an error in that case, like the other places that deal withalias lists.In passing, modify the equivalent test used for join RTEs to look likethe other ones, which was different for no apparent reason.This bug came in when XMLTABLE was born in version 10; backpatch to allstable versions.Reported-by: Wang Ke <krking@zju.edu.cn>Discussion:https://postgr.es/m/17480-1c9d73565bb28e90@postgresql.org
1 parent7e59b12 commitade1770

File tree

10 files changed

+40
-15
lines changed

10 files changed

+40
-15
lines changed

‎src/backend/parser/parse_clause.c

Lines changed: 0 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1426,21 +1426,6 @@ transformFromClauseItem(ParseState *pstate, Node *n,
14261426
res_colnames=list_concat(res_colnames,r_colnames);
14271427
res_colvars=list_concat(res_colvars,r_colvars);
14281428

1429-
/*
1430-
* Check alias (AS clause), if any.
1431-
*/
1432-
if (j->alias)
1433-
{
1434-
if (j->alias->colnames!=NIL)
1435-
{
1436-
if (list_length(j->alias->colnames)>list_length(res_colnames))
1437-
ereport(ERROR,
1438-
(errcode(ERRCODE_SYNTAX_ERROR),
1439-
errmsg("column alias list for \"%s\" has too many entries",
1440-
j->alias->aliasname)));
1441-
}
1442-
}
1443-
14441429
/*
14451430
* Now build an RTE for the result of the join
14461431
*/

‎src/backend/parser/parse_relation.c

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1731,6 +1731,12 @@ addRangeTableEntryForTableFunc(ParseState *pstate,
17311731
eref->colnames=list_concat(eref->colnames,
17321732
list_copy_tail(tf->colnames,numaliases));
17331733

1734+
if (numaliases>list_length(tf->colnames))
1735+
ereport(ERROR,
1736+
(errcode(ERRCODE_INVALID_COLUMN_REFERENCE),
1737+
errmsg("%s function has %d columns available but %d columns specified",
1738+
"XMLTABLE",list_length(tf->colnames),numaliases)));
1739+
17341740
rte->eref=eref;
17351741

17361742
/*
@@ -1882,6 +1888,12 @@ addRangeTableEntryForJoin(ParseState *pstate,
18821888
eref->colnames=list_concat(eref->colnames,
18831889
list_copy_tail(colnames,numaliases));
18841890

1891+
if (numaliases>list_length(colnames))
1892+
ereport(ERROR,
1893+
(errcode(ERRCODE_INVALID_COLUMN_REFERENCE),
1894+
errmsg("join expression \"%s\" has %d columns available but %d columns specified",
1895+
eref->aliasname,list_length(colnames),numaliases)));
1896+
18851897
rte->eref=eref;
18861898

18871899
/*

‎src/test/regress/expected/int2.out

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,10 @@ SELECT '' AS five, * FROM INT2_TBL;
5151
| -32767
5252
(5 rows)
5353

54+
SELECT * FROM INT2_TBL AS f(a, b);
55+
ERROR: table "f" has 1 columns available but 2 columns specified
56+
SELECT * FROM (TABLE int2_tbl) AS s (a, b);
57+
ERROR: table "s" has 1 columns available but 2 columns specified
5458
SELECT '' AS four, i.* FROM INT2_TBL i WHERE i.f1 <> int2 '0';
5559
four | f1
5660
------+--------

‎src/test/regress/expected/join.out

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5618,6 +5618,9 @@ select * from
56185618
3 | 3
56195619
(6 rows)
56205620

5621+
-- check the number of columns specified
5622+
SELECT * FROM (int8_tbl i cross join int4_tbl j) ss(a,b,c,d);
5623+
ERROR: join expression "ss" has 3 columns available but 4 columns specified
56215624
-- check we don't try to do a unique-ified semijoin with LATERAL
56225625
explain (verbose, costs off)
56235626
select * from

‎src/test/regress/expected/with.out

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -956,6 +956,11 @@ DROP TABLE y;
956956
--
957957
-- error cases
958958
--
959+
WITH x(n, b) AS (SELECT 1)
960+
SELECT * FROM x;
961+
ERROR: WITH query "x" has 1 columns available but 2 columns specified
962+
LINE 1: WITH x(n, b) AS (SELECT 1)
963+
^
959964
-- INTERSECT
960965
WITH RECURSIVE x(n) AS (SELECT 1 INTERSECT SELECT n+1 FROM x)
961966
SELECT * FROM x;

‎src/test/regress/expected/xml.out

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1145,6 +1145,9 @@ EXPLAIN (COSTS OFF, VERBOSE) SELECT * FROM xmltableview1;
11451145
Table Function Call: XMLTABLE(('/ROWS/ROW'::text) PASSING (xmldata.data) COLUMNS id integer PATH ('@id'::text), _id FOR ORDINALITY, country_name text PATH ('COUNTRY_NAME/text()'::text) NOT NULL, country_id text PATH ('COUNTRY_ID'::text), region_id integer PATH ('REGION_ID'::text), size double precision PATH ('SIZE'::text), unit text PATH ('SIZE/@unit'::text), premier_name text DEFAULT ('not specified'::text) PATH ('PREMIER_NAME'::text))
11461146
(7 rows)
11471147

1148+
-- errors
1149+
SELECT * FROM XMLTABLE (ROW () PASSING null COLUMNS v1 timestamp) AS f (v1, v2);
1150+
ERROR: XMLTABLE function has 1 columns available but 2 columns specified
11481151
-- XMLNAMESPACES tests
11491152
SELECT * FROM XMLTABLE(XMLNAMESPACES('http://x.y' AS zz),
11501153
'/zz:rows/zz:row'

‎src/test/regress/sql/int2.sql

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,10 @@ INSERT INTO INT2_TBL(f1) VALUES ('');
2929

3030
SELECT''AS five,*FROM INT2_TBL;
3131

32+
SELECT*FROM INT2_TBLAS f(a, b);
33+
34+
SELECT*FROM (TABLE int2_tbl)AS s (a, b);
35+
3236
SELECT''AS four, i.*FROM INT2_TBL iWHEREi.f1<> int2'0';
3337

3438
SELECT''AS four, i.*FROM INT2_TBL iWHEREi.f1<> int4'0';

‎src/test/regress/sql/join.sql

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1892,6 +1892,9 @@ select * from
18921892
(selectq1.v)
18931893
)as q2;
18941894

1895+
-- check the number of columns specified
1896+
SELECT*FROM (int8_tbl icross join int4_tbl j) ss(a,b,c,d);
1897+
18951898
-- check we don't try to do a unique-ified semijoin with LATERAL
18961899
explain (verbose, costs off)
18971900
select*from

‎src/test/regress/sql/with.sql

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -410,6 +410,9 @@ DROP TABLE y;
410410
-- error cases
411411
--
412412

413+
WITH x(n, b)AS (SELECT1)
414+
SELECT*FROM x;
415+
413416
-- INTERSECT
414417
WITH RECURSIVE x(n)AS (SELECT1 INTERSECTSELECT n+1FROM x)
415418
SELECT*FROM x;

‎src/test/regress/sql/xml.sql

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -384,6 +384,9 @@ SELECT * FROM xmltableview1;
384384
EXPLAIN (COSTS OFF)SELECT*FROM xmltableview1;
385385
EXPLAIN (COSTS OFF, VERBOSE)SELECT*FROM xmltableview1;
386386

387+
-- errors
388+
SELECT*FROM XMLTABLE (ROW () PASSINGnull COLUMNS v1timestamp)AS f (v1, v2);
389+
387390
-- XMLNAMESPACES tests
388391
SELECT*FROM XMLTABLE(XMLNAMESPACES('http://x.y'AS zz),
389392
'/zz:rows/zz:row'

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp