Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit5f74d49

Browse files
committed
Defend against function calls with more than 8 arguments (code
used to overrun its fixed-size arrays before detecting error; not cool).Also, replace uses of magic constant '8' with 'MAXFARGS'.
1 parent4c65382 commit5f74d49

File tree

4 files changed

+33
-23
lines changed

4 files changed

+33
-23
lines changed

‎src/backend/parser/parse_coerce.c

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
*
99
* IDENTIFICATION
10-
* $Header: /cvsroot/pgsql/src/backend/parser/parse_coerce.c,v 2.17 1999/05/29 03:17:19 tgl Exp $
10+
* $Header: /cvsroot/pgsql/src/backend/parser/parse_coerce.c,v 2.18 1999/06/17 22:21:41 tgl Exp $
1111
*
1212
*-------------------------------------------------------------------------
1313
*/
@@ -20,6 +20,7 @@
2020
#include"parser/parse_expr.h"
2121

2222
#include"catalog/pg_type.h"
23+
#include"parser/parse_func.h"
2324
#include"parser/parse_type.h"
2425
#include"parser/parse_target.h"
2526
#include"parser/parse_coerce.h"
@@ -132,7 +133,7 @@ can_coerce_type(int nargs, Oid *input_typeids, Oid *func_typeids)
132133
HeapTupleftup;
133134
inti;
134135
Typetp;
135-
Oidoid_array[8];
136+
Oidoid_array[MAXFARGS];
136137

137138
/* run through argument list... */
138139
for (i=0;i<nargs;i++)
@@ -160,7 +161,7 @@ can_coerce_type(int nargs, Oid *input_typeids, Oid *func_typeids)
160161
*/
161162
elseif (input_typeids[i]!=UNKNOWNOID)
162163
{
163-
MemSet(&oid_array[0],0,8*sizeof(Oid));
164+
MemSet(oid_array,0,MAXFARGS*sizeof(Oid));
164165
oid_array[0]=input_typeids[i];
165166

166167
/*

‎src/backend/parser/parse_func.c

Lines changed: 20 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
*
99
* IDENTIFICATION
10-
* $Header: /cvsroot/pgsql/src/backend/parser/parse_func.c,v 1.46 1999/05/25 16:10:17 momjian Exp $
10+
* $Header: /cvsroot/pgsql/src/backend/parser/parse_func.c,v 1.47 1999/06/17 22:21:40 tgl Exp $
1111
*
1212
*-------------------------------------------------------------------------
1313
*/
@@ -83,8 +83,6 @@ static Oidagg_select_candidate(Oid typeid, CandidateList candidates);
8383

8484
#defineISCOMPLEX(type) (typeidTypeRelid(type) ? true : false)
8585

86-
#defineMAXFARGS 8/* max # args to a c or postquel function */
87-
8886
typedefstruct_SuperQE
8987
{
9088
Oidsqe_relid;
@@ -241,9 +239,9 @@ Node *
241239
ParseFuncOrColumn(ParseState*pstate,char*funcname,List*fargs,
242240
int*curr_resno,intprecedence)
243241
{
244-
Oidrettype=(Oid)0;
245-
Oidargrelid=(Oid)0;
246-
Oidfuncid=(Oid)0;
242+
Oidrettype=InvalidOid;
243+
Oidargrelid=InvalidOid;
244+
Oidfuncid=InvalidOid;
247245
List*i=NIL;
248246
Node*first_arg=NULL;
249247
char*relname=NULL;
@@ -252,12 +250,12 @@ ParseFuncOrColumn(ParseState *pstate, char *funcname, List *fargs,
252250
Oidrelid;
253251
intnargs;
254252
Func*funcnode;
255-
Oidoid_array[8];
253+
Oidoid_array[MAXFARGS];
256254
Oid*true_oid_array;
257255
Node*retval;
258256
boolretset;
259257
boolattisset= false;
260-
Oidtoid=(Oid)0;
258+
Oidtoid=InvalidOid;
261259
Expr*expr;
262260

263261
if (fargs)
@@ -425,7 +423,7 @@ ParseFuncOrColumn(ParseState *pstate, char *funcname, List *fargs,
425423
* transform relation name arguments into varnodes of the appropriate
426424
* form.
427425
*/
428-
MemSet(&oid_array[0],0,8*sizeof(Oid));
426+
MemSet(oid_array,0,MAXFARGS*sizeof(Oid));
429427

430428
nargs=0;
431429
foreach(i,fargs)
@@ -477,6 +475,14 @@ ParseFuncOrColumn(ParseState *pstate, char *funcname, List *fargs,
477475
toid=exprType(pair);
478476
}
479477

478+
/* Most of the rest of the parser just assumes that functions do not
479+
* have more than MAXFARGS parameters. We have to test here to protect
480+
* against array overruns, etc.
481+
*/
482+
if (nargs >=MAXFARGS)
483+
elog(ERROR,"Cannot pass more than %d arguments to a function",
484+
MAXFARGS);
485+
480486
oid_array[nargs++]=toid;
481487
}
482488

@@ -638,7 +644,7 @@ static Oid
638644
funcid_get_rettype(Oidfuncid)
639645
{
640646
HeapTuplefunc_tuple=NULL;
641-
Oidfuncrettype=(Oid)0;
647+
Oidfuncrettype=InvalidOid;
642648

643649
func_tuple=SearchSysCacheTuple(PROOID,
644650
ObjectIdGetDatum(funcid),
@@ -701,8 +707,8 @@ func_get_candidates(char *funcname, int nargs)
701707
current_candidate= (CandidateList)
702708
palloc(sizeof(struct_CandidateList));
703709
current_candidate->args= (Oid*)
704-
palloc(8*sizeof(Oid));
705-
MemSet(current_candidate->args,0,8*sizeof(Oid));
710+
palloc(MAXFARGS*sizeof(Oid));
711+
MemSet(current_candidate->args,0,MAXFARGS*sizeof(Oid));
706712
for (i=0;i<nargs;i++)
707713
current_candidate->args[i]=pgProcP->proargtypes[i];
708714

@@ -1337,7 +1343,7 @@ setup_tlist(char *attname, Oid relid)
13371343
type_mod,
13381344
get_attname(relid,attno),
13391345
0,
1340-
(Oid)0,
1346+
InvalidOid,
13411347
false);
13421348
varnode=makeVar(-1,attno,typeid,type_mod,0,-1,attno);
13431349

@@ -1362,7 +1368,7 @@ setup_base_tlist(Oid typeid)
13621368
-1,
13631369
"<noname>",
13641370
0,
1365-
(Oid)0,
1371+
InvalidOid,
13661372
false);
13671373
varnode=makeVar(-1,1,typeid,-1,0,-1,1);
13681374
tle=makeTargetEntry(resnode, (Node*)varnode);

‎src/backend/parser/parse_target.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
*
99
* IDENTIFICATION
10-
* $Header: /cvsroot/pgsql/src/backend/parser/parse_target.c,v 1.41 1999/05/29 03:17:20 tgl Exp $
10+
* $Header: /cvsroot/pgsql/src/backend/parser/parse_target.c,v 1.42 1999/06/17 22:21:41 tgl Exp $
1111
*
1212
*-------------------------------------------------------------------------
1313
*/
@@ -712,15 +712,15 @@ SizeTargetExpr(ParseState *pstate,
712712
inti;
713713
HeapTupleftup;
714714
char*funcname;
715-
Oidoid_array[8];
715+
Oidoid_array[MAXFARGS];
716716

717717
FuncCall*func;
718718
A_Const*cons;
719719

720720
funcname=typeidTypeName(attrtype);
721721
oid_array[0]=attrtype;
722722
oid_array[1]=INT4OID;
723-
for (i=2;i<8;i++)
723+
for (i=2;i<MAXFARGS;i++)
724724
oid_array[i]=InvalidOid;
725725

726726
/* attempt to find with arguments exactly as specified... */

‎src/include/parser/parse_func.h

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
*
77
* Copyright (c) 1994, Regents of the University of California
88
*
9-
* $Id: parse_func.h,v 1.15 1999/05/25 16:14:27 momjian Exp $
9+
* $Id: parse_func.h,v 1.16 1999/06/17 22:21:40 tgl Exp $
1010
*
1111
*-------------------------------------------------------------------------
1212
*/
@@ -20,6 +20,9 @@
2020
#include<parser/parse_func.h>
2121
#include<parser/parse_node.h>
2222

23+
24+
#defineMAXFARGS 8/* max # args to a c or postquel function */
25+
2326
/*
2427
*This structure is used to explore the inheritance hierarchy above
2528
*nodes in the type tree in order to disambiguate among polymorphic
@@ -47,7 +50,7 @@ extern Node *ParseNestedFuncOrColumn(ParseState *pstate, Attr *attr,
4750
externNode*ParseFuncOrColumn(ParseState*pstate,char*funcname,List*fargs,
4851
int*curr_resno,intprecedence);
4952

50-
externvoid
51-
func_error(char*caller,char*funcname,intnargs,Oid*argtypes,char*msg);
53+
externvoidfunc_error(char*caller,char*funcname,
54+
intnargs,Oid*argtypes,char*msg);
5255

5356
#endif/* PARSE_FUNC_H */

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp