NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitd5de344

committed

In array_position()/array_positions(), beware of empty input array.

These functions incautiously fetched the array's first lower boundeven when the array is zero-dimensional, thus fetching the wordafter the allocated array space. While almost always harmless,with very bad luck this could result in SIGSEGV. Fix by addingan early exit for empty input.Per bug #17920 from Alexander Lakhin.Discussion:https://postgr.es/m/17920-f7c228c627b6d02e%40postgresql.org

1 parent9d51733 commitd5de344Copy full SHA for d5de344

File tree

1 file changed

+12

-4

lines changed

src/backend/utils/adt
- array_userfuncs.c

1 file changed

+12

-4

lines changed

`‎src/backend/utils/adt/array_userfuncs.c`

Lines changed: 12 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -651,7 +651,6 @@ array_position_common(FunctionCallInfo fcinfo)`
`651`	`651`	`PG_RETURN_NULL();`
`652`	`652`
`653`	`653`	`array=PG_GETARG_ARRAYTYPE_P(0);`
`654`		`-element_type=ARR_ELEMTYPE(array);`
`655`	`654`
`656`	`655`	`/*`
`657`	`656`	`* We refuse to search for elements in multi-dimensional arrays, since we`
`@@ -662,6 +661,10 @@ array_position_common(FunctionCallInfo fcinfo)`
`662`	`661`	`(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),`
`663`	`662`	`errmsg("searching for elements in multidimensional arrays is not supported")));`
`664`	`663`
	`664`	`+/* Searching in an empty array is well-defined, though: it always fails */`
	`665`	`+if (ARR_NDIM(array)<1)`
	`666`	`+PG_RETURN_NULL();`
	`667`	`+`
`665`	`668`	`if (PG_ARGISNULL(1))`
`666`	`669`	`{`
`667`	`670`	`/* fast return when the array doesn't have nulls */`
`@@ -676,6 +679,7 @@ array_position_common(FunctionCallInfo fcinfo)`
`676`	`679`	`null_search= false;`
`677`	`680`	`}`
`678`	`681`
	`682`	`+element_type=ARR_ELEMTYPE(array);`
`679`	`683`	`position= (ARR_LBOUND(array))[0]-1;`
`680`	`684`
`681`	`685`	`/* figure out where to start */`
`@@ -801,9 +805,6 @@ array_positions(PG_FUNCTION_ARGS)`
`801`	`805`	`PG_RETURN_NULL();`
`802`	`806`
`803`	`807`	`array=PG_GETARG_ARRAYTYPE_P(0);`
`804`		`-element_type=ARR_ELEMTYPE(array);`
`805`		`-`
`806`		`-position= (ARR_LBOUND(array))[0]-1;`
`807`	`808`
`808`	`809`	`/*`
`809`	`810`	`* We refuse to search for elements in multi-dimensional arrays, since we`
`@@ -816,6 +817,10 @@ array_positions(PG_FUNCTION_ARGS)`
`816`	`817`
`817`	`818`	`astate=initArrayResult(INT4OID,CurrentMemoryContext, false);`
`818`	`819`
	`820`	`+/* Searching in an empty array is well-defined, though: it always fails */`
	`821`	`+if (ARR_NDIM(array)<1)`
	`822`	`+PG_RETURN_DATUM(makeArrayResult(astate,CurrentMemoryContext));`
	`823`	`+`
`819`	`824`	`if (PG_ARGISNULL(1))`
`820`	`825`	`{`
`821`	`826`	`/* fast return when the array doesn't have nulls */`
`@@ -830,6 +835,9 @@ array_positions(PG_FUNCTION_ARGS)`
`830`	`835`	`null_search= false;`
`831`	`836`	`}`
`832`	`837`
	`838`	`+element_type=ARR_ELEMTYPE(array);`
	`839`	`+position= (ARR_LBOUND(array))[0]-1;`
	`840`	`+`
`833`	`841`	`/*`
`834`	`842`	`* We arrange to look up type info for array_create_iterator only once per`
`835`	`843`	`* series of calls, assuming the element type doesn't change underneath`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitd5de344

File tree

1 file changed

1 file changed

`‎src/backend/utils/adt/array_userfuncs.c`

0 commit comments