Re: Re[2]: BUG #17561: Server crashes on executing row() with very long argument list

On Mon, Aug 1, 2022 at 6:03 PM Richard Guo <guofenglinux(at)gmail(dot)com> wrote:

>
> On Mon, Aug 1, 2022 at 3:17 PM Егор Чиндяскин <kyzevan23(at)mail(dot)ru> wrote:
>
>> Thank you, Tom! The fix works for that case, but there is another one.
>> I got server crashed while executing the following script:
>>
>> (echo "SELECT * FROM json_to_record('{\"0\":0
>> ";for((i=1;i<100001;i++));do echo ",\"$i\":$i";done; echo "}') as x("; echo
>> "\"0\" int";for((i=1;i<100001;i++));do echo ",\"$i\" int";done;echo ")") |
>> psql
>>
>
> Thanks for the report! This is another place that we construct a tupdesc
> with more than MaxAttrNumber attributes, via RangeFunctions this time.
>
> Regarding the fix, how about we check the length of coldeflist against
> MaxTupleAttributeNumber in transformRangeFunction()?
>

I mean something like this:

diff --git a/src/backend/parser/parse_clause.c
b/src/backend/parser/parse_clause.c
index 5a18107e79..a74a07667d 100644
--- a/src/backend/parser/parse_clause.c
+++ b/src/backend/parser/parse_clause.c
@@ -629,6 +629,15 @@ transformRangeFunction(ParseState *pstate,
RangeFunction *r)
*/
if (r->coldeflist)
{
+ /* Disallow more columns than will fit in a tuple */
+ if (list_length(r->coldeflist) > MaxTupleAttributeNumber)
+ ereport(ERROR,
+ (errcode(ERRCODE_TOO_MANY_COLUMNS),
+ errmsg("Function returning RECORD
can have at most %d entries",
+
MaxTupleAttributeNumber),
+ parser_errposition(pstate,
+
exprLocation((Node *) r->coldeflist))));
+
if (list_length(funcexprs) != 1)
{
if (r->is_rowsfrom)

Thanks
Richard