From: | Peter Geoghegan <pg(at)heroku(dot)com> |
---|---|
To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Further issues with jsonb semantics, documentation |
Date: | 2015-06-05 00:43:28 |
Message-ID: | CAM3SWZSN9RTj0nVtA8=NJyvkOwrJ+Df2xNjPyJdZx2ZNNbv=ww@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Jun 4, 2015 at 12:10 PM, Peter Geoghegan <pg(at)heroku(dot)com> wrote:
> jsonb_delete() should certainly be able to traverse objects, but it's
> much less clear that it should be able to *traverse* arrays (affecting
> arrays is a different story, though). That's why I proposed not
> supporting traversing arrays with it or with jsonb_set(). This would
> also removes the questionable second "shadow type system" within the
> text[] rhs operand too, which seems like a good thing.
Here is a further example of why I find this new "shadow type" system
for rhs text[] operands to be pretty questionable:
postgres=# select jsonb_set('[1, 2, 3, 4, 5,6,7,8,9,10,11,12]',
'{"5e10"}'::text[], '"Input unsanitized"') ;
jsonb_set
-----------------------------------------------------------
[1, 2, 3, 4, 5, "Input unsanitized", 7, 8, 9, 10, 11, 12]
(1 row)
BTW, there is a bug here -- strtol() needs additional defenses [1]
(before casting to int):
postgres=# select jsonb_set('[1, 2, 3, 4,
5,6,7,8,9,10,11,12,13,14,15,16,17,18]',
'{"9223372036854775806"}'::text[], '"Input unsanitized"', false) ;
jsonb_set
----------------------------------------------------------------------------------
[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, "Input
unsanitized", 18]
(1 row)
[1] https://www.securecoding.cert.org/confluence/display/cplusplus/INT06-CPP.+Use+strtol()+or+a+related+function+to+convert+a+string+token+to+an+integer
--
Peter Geoghegan
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Geoghegan | 2015-06-05 00:50:34 | Re: Further issues with jsonb semantics, documentation |
Previous Message | Andrew Dunstan | 2015-06-05 00:31:55 | Re: Further issues with jsonb semantics, documentation |