Commitfests
2022-09Committed
Fix bounds check in trim_array()
Reviewers
  • Nathan Bossart (bossartn)
Committer
  • Tom Lane (tgl)
Participants
Martin Kalcher
Martin Kalcher
Nathan Bossart
Nathan Bossart
Tom Lane
Tom Lane
Attachments
Download Latest Patchset
+4-2
Show all attachments
Thread Outline
#1Martin KalcherMartin Kalcher
Jul 25, 2022
#2Nathan BossartNathan Bossartto Martin Kalcher (#1)
Jul 28, 2022
#3Tom LaneTom Laneto Nathan Bossart (#2)
Jul 31, 2022

[Patch] Fix bounds check in trim_array()

Started by Martin Kalcherover 3 years ago3 messageshackers
Jump to latest
#1Martin Kalcher
Martin Kalcher
martin.kalcher@aboutsource.net

Hi,

while working on something else i encountered a bug in the trim_array()
function. The bounds check fails for empty arrays without any
dimensions. It reads the size of the non existing first dimension to
determine the arrays length.

select trim_array('{}'::int[], 10);
------------
{}

select trim_array('{}'::int[], 100);
ERROR: number of elements to trim must be between 0 and 64

The attached patch fixes that check.

Martin

Attachments:

0001-Fix-bounds-check-in-trim_array.patchtext/x-patch; charset=UTF-8; name=0001-Fix-bounds-check-in-trim_array.patchDownload+4-2
#2Nathan Bossart
Nathan Bossart
nathandbossart@gmail.com
In reply to: Martin Kalcher (#1)
Re: [Patch] Fix bounds check in trim_array()

On Mon, Jul 25, 2022 at 04:40:51PM +0200, Martin Kalcher wrote:

+SELECT trim_array(ARRAY[]::int[], 1); -- fail
+ERROR:  number of elements to trim must be between 0 and 0

Can we improve the error message? Maybe it should look something like

ERROR: number of elements to trim must be 0

for this case.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

#3Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Nathan Bossart (#2)
Re: [Patch] Fix bounds check in trim_array()

Nathan Bossart <nathandbossart@gmail.com> writes:

On Mon, Jul 25, 2022 at 04:40:51PM +0200, Martin Kalcher wrote:

+SELECT trim_array(ARRAY[]::int[], 1); -- fail
+ERROR:  number of elements to trim must be between 0 and 0

Can we improve the error message? Maybe it should look something like
ERROR: number of elements to trim must be 0
for this case.

Hmm, I'm unexcited about making our long-suffering translators
deal with another translatable string for such a corner case.
I think it's fine as-is.

A bigger problem is that a little further down, there's an equally
unprotected reference to ARR_LBOUND(v)[0]. Now, the fact that that
expression computes garbage doesn't matter too much, because AFAICS
if the array is zero-D then array_get_slice is going to exit at

if (ndim < nSubscripts || ndim <= 0 || ndim > MAXDIM)
return PointerGetDatum(construct_empty_array(elemtype));

without ever examining its upperIndx[] argument. However,
once we put in a test case covering this behavior, I bet that
valgrind-using buildfarm animals will start to bleat about the
invalid memory access. I think the easiest fix is like

if (ARR_NDIM(v) > 0)
{
upper[0] = ARR_LBOUND(v)[0] + array_length - n - 1;
upperProvided[0] = true;
}

It'd be good to get this fix into next week's minor releases,
so I'll go push it.

regards, tom lane

← Back to Topics