Re: ARRNELEMS Out-of-bounds possible errors

Hi,

The most obvious solution I see is to check all calls and for cases like we
both mentioned
to pass a flag meaning safe or unsafe (for these cases) behavior is
expected, like

#define ARRNELEMS(x) ArrayGetNItems( ARR_NDIM(x), ARR_DIMS(x), false)

...

int
ArrayGetNItems(int ndim, const int *dims, bool issafe)
{
return ArrayGetNItemsSafe(ndim, dims, NULL, issafe);
}

int
ArrayGetNItemsSafe(int ndim, const int *dims, struct Node *escontext, bool
issafe)
{
...

Another solution is revision of wrapping code for all calls of
ArrayGetNItems.
Safe functions is a good idea overall, but a lot of code needs to be
revised.

On Fri, Dec 23, 2022 at 1:20 AM Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> wrote:

> Em qui., 22 de dez. de 2022 às 15:45, Nikita Malakhov <hukutoc(at)gmail(dot)com>
> escreveu:
>
>> Hi,
>>
>> Actually, there would be much more sources affected, like
>> nbytes += subbytes[outer_nelems];
>> subnitems[outer_nelems] = ArrayGetNItems(this_ndims,
>> ARR_DIMS(array));
>> nitems += subnitems[outer_nelems];
>> havenulls |= ARR_HASNULL(array);
>> outer_nelems++;
>> }
>>
>> Maybe it is better for most calls like this to keep old behavior, by
>> passing a flag
>> that says which behavior is expected by caller?
>>
> I agreed that it is better to keep old behavior.
> Even the value 0 is problematic, with calls like this:
>
> nel = ARRNELEMS(ent);
> memcpy(ptr, ARRPTR(ent), nel * sizeof(int32));
>
> regards,
> Ranier Vilela
>

--
Regards,
Nikita Malakhov
Postgres Professional
https://postgrespro.ru/