Re: Re[2]: BUG #17561: Server crashes on executing row() with very long argument list

On Mon, Aug 1, 2022 at 6:33 PM Richard Guo <guofenglinux(at)gmail(dot)com> wrote:

>
> On Mon, Aug 1, 2022 at 6:03 PM Richard Guo <guofenglinux(at)gmail(dot)com> wrote:
>
>>
>> On Mon, Aug 1, 2022 at 3:17 PM Егор Чиндяскин <kyzevan23(at)mail(dot)ru> wrote:
>>
>>> Thank you, Tom! The fix works for that case, but there is another one.
>>> I got server crashed while executing the following script:
>>>
>>> (echo "SELECT * FROM json_to_record('{\"0\":0
>>> ";for((i=1;i<100001;i++));do echo ",\"$i\":$i";done; echo "}') as x("; echo
>>> "\"0\" int";for((i=1;i<100001;i++));do echo ",\"$i\" int";done;echo ")") |
>>> psql
>>>
>>
>> Thanks for the report! This is another place that we construct a tupdesc
>> with more than MaxAttrNumber attributes, via RangeFunctions this time.
>>
>> Regarding the fix, how about we check the length of coldeflist against
>> MaxTupleAttributeNumber in transformRangeFunction()?
>>
>
> I mean something like this:
>
> diff --git a/src/backend/parser/parse_clause.c
> b/src/backend/parser/parse_clause.c
> index 5a18107e79..a74a07667d 100644
> --- a/src/backend/parser/parse_clause.c
> +++ b/src/backend/parser/parse_clause.c
> @@ -629,6 +629,15 @@ transformRangeFunction(ParseState *pstate,
> RangeFunction *r)
> */
> if (r->coldeflist)
> {
> + /* Disallow more columns than will fit in a tuple */
> + if (list_length(r->coldeflist) > MaxTupleAttributeNumber)
> + ereport(ERROR,
> + (errcode(ERRCODE_TOO_MANY_COLUMNS),
> + errmsg("Function returning RECORD
> can have at most %d entries",
> +
> MaxTupleAttributeNumber),
> + parser_errposition(pstate,
> +
> exprLocation((Node *) r->coldeflist))));
> +
> if (list_length(funcexprs) != 1)
> {
> if (r->is_rowsfrom)
>
>
Just noticed that CheckAttributeNamesTypes will check on column count
against MaxHeapAttributeNumber. Maybe we should use this as the limit?

Thanks
Richard