From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | pgsql: Tighten array dimensionality checks in Perl -> SQL array convers |
Date: | 2023-04-29 17:07:02 |
Message-ID: | E1pso2H-005We4-Io@gemulon.postgresql.org |
Lists: | pgsql-committers |
Tighten array dimensionality checks in Perl -> SQL array conversion.

plperl_array_to_datum() wasn't sufficiently careful about checking
that nested lists represent a rectangular array structure; it would
accept inputs such as "[1, []]". This is a bit related to the
PL/Python bug fixed in commit 81eaaf65e, but it doesn't seem to
provide any direct route to a memory stomp. Instead the likely
failure mode is for makeMdArrayResult to be passed fewer Datums than
the claimed array dimensionality requires, possibly leading to a wild
pointer dereference and SIGSEGV.

Per report from Alexander Lakhin. It's been broken for a long
time, so back-patch to all supported branches.

Discussion: https://postgr.es/m/5ebae5e4-d401-fadf-8585-ac3eaf53219c@gmail.com

Branch
------
REL_12_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/900a8d526ff538d6cd03c3f52ba09fd4dc765915
Modified Files
--------------
src/pl/plperl/expected/plperl_array.out | 43 +++++++++++++++++++++++
src/pl/plperl/plperl.c | 62 +++++++++++++++++++++------------
src/pl/plperl/sql/plperl_array.sql | 37 ++++++++++++++++++++
3 files changed, 119 insertions(+), 23 deletions(-)
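
The check the commit message describes, as an added example that is not the code from plperl.c: the claimed dimensions are taken from the first element at each depth, then every sublist is verified against them so the element count always equals the product of the dimensions. `Node`, `check_level` and `rectangular_count` are hypothetical names, and the model records only the shape of the nested list, not its values.

```c
#include <stddef.h>
#define MAXDIM 6   /* PostgreSQL's limit on array dimensions */

/* Constructed stand-in for a Perl value (shape only): scalar or list. */
typedef struct Node { int is_list; size_t len; const struct Node *items; } Node;

/* A node at `depth` must be a list of dims[depth] items; scalars may appear
 * only at depth == ndims.  Counts scalars; returns -1 on any mismatch. */
static int check_level(const Node *n, int depth, int ndims,
                       const size_t *dims, size_t *nelems)
{
    if (depth == ndims) {
        if (n->is_list)
            return -1;          /* list where a scalar is required: [1, []] */
        (*nelems)++;
        return 0;
    }
    if (!n->is_list || n->len != dims[depth])
        return -1;              /* scalar too early, or ragged sublist */
    for (size_t i = 0; i < n->len; i++)
        if (check_level(&n->items[i], depth + 1, ndims, dims, nelems) != 0)
            return -1;
    return 0;
}

/* Returns the scalar count (equal to the product of dims[]) for a
 * rectangular nested list, or -1 if the input must be rejected. */
long rectangular_count(const Node *root, size_t *dims, int *ndims)
{
    const Node *cur = root;
    size_t nelems = 0;
    /* The claimed shape comes from the first element at each depth. */
    for (*ndims = 0; cur->is_list; cur = &cur->items[0]) {
        if (*ndims == MAXDIM)
            return -1;          /* deeper than dims[] can describe */
        dims[(*ndims)++] = cur->len;
        if (cur->len == 0)
            break;              /* empty list: nothing below to follow */
    }
    if (*ndims == 0 || check_level(root, 0, *ndims, dims, &nelems) != 0)
        return -1;
    return (long) nelems;
}

/* Constructed samples: [1, []] from the commit message, and [[1,2],[3,4]]. */
static const Node bad_items[] = {{0, 0, NULL}, {1, 0, NULL}};
static const Node row[] = {{0, 0, NULL}, {0, 0, NULL}};
static const Node good_items[] = {{1, 2, row}, {1, 2, row}};
const Node BAD = {1, 2, bad_items}, GOOD = {1, 2, good_items};
```

Without the second pass, `[1, []]` would be reported as a one-dimensional array of two elements while only one scalar was collected, which is the mismatch the message warns about.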