Participants
Gurjeet Singh
Gurjeet Singh
Tom Lane
Tom Lane
Attachments
Download Latest Patchset
+2-2
Show all attachments
Thread Outline
#1Gurjeet SinghGurjeet Singh
Jan 31, 2023
#2Tom LaneTom Laneto Gurjeet Singh (#1)
Jan 31, 2023

Assert fcinfo has enough args before allowing parameter access (was: Re: generate_series for timestamptz and time zone problem)

Started by Gurjeet Singhabout 3 years ago2 messageshackers
Jump to latest
#1Gurjeet Singh
Gurjeet Singh
gurjeet@singh.im

On Mon, Jan 30, 2023 at 11:50 PM Gurjeet Singh <gurjeet@singh.im> wrote:

It was the classical case of out-of-bounds access.

This mistake would've been caught early if there were assertions
preventing access beyond the number of arguments passed to the
function. I'll send the assert_enough_args.patch, that adds these
checks, in a separate thread to avoid potentially confusing cfbot.

Please see attached the patch to that ensures we don't accidentally
access more parameters than that are passed to a SQL callable
function.

Best regards,
Gurjeet
http://Gurje.et

Attachments:

assert_enough_args.patchapplication/x-patch; name=assert_enough_args.patchDownload+2-2
#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Gurjeet Singh (#1)
Re: Assert fcinfo has enough args before allowing parameter access (was: Re: generate_series for timestamptz and time zone problem)

Gurjeet Singh <gurjeet@singh.im> writes:

Please see attached the patch to that ensures we don't accidentally
access more parameters than that are passed to a SQL callable
function.

I'm unexcited by that. It'd add a pretty substantial amount
of code to catch an error that hardly anyone ever makes.

regards, tom lane

← Back to Topics