Participants
Ranier Vilela
Ranier Vilela
Tom Lane
Tom Lane
Attachments
Thread Outline
#1Ranier VilelaRanier Vilela
Oct 05, 2025
#2Tom LaneTom Laneto Ranier Vilela (#1)
Oct 05, 2025
#3Ranier VilelaRanier Vilelato Tom Lane (#2)
Oct 06, 2025
#4Ranier VilelaRanier Vilelato Ranier Vilela (#3)
Oct 06, 2025

Fix misuse use of window_gettupleslot function (src/backend/executor/nodeWindowAgg.c)

Started by Ranier Vilela3 months ago4 messages
#1Ranier Vilela
Ranier Vilela
ranier.vf@gmail.com
1 attachment(s)

Hi.

Per Coverity.

CID 1635309: (#1 of 1): Unchecked return value (CHECKED_RETURN)
7. check_return: Calling window_gettupleslot without checking return value
(as is done elsewhere 8 out of 9 times).

The function "window_gettupleslot" can fail.

All other calls check the return, In this case it could not be different.

Fix by checking the return and reporting a message to the user,
in case of failure.
The error message, however, I'm not sure if it's ideal.

best regards,
Ranier Vilela

Attachments:

fix-api-misuse-function-window_gettupleslot.patchapplication/octet-stream; name=fix-api-misuse-function-window_gettupleslot.patchDownload
diff --git a/src/backend/executor/nodeWindowAgg.c b/src/backend/executor/nodeWindowAgg.c
index cf667c8121..d87cb2557d 100644
--- a/src/backend/executor/nodeWindowAgg.c
+++ b/src/backend/executor/nodeWindowAgg.c
@@ -1502,7 +1502,8 @@ row_is_in_frame(WindowObject winobj, int64 pos, TupleTableSlot *slot,
 			if (pos > winstate->currentpos)
 			{
 				if (fetch_tuple)
-					window_gettupleslot(winobj, pos, slot);
+					if (!window_gettupleslot(winobj, pos, slot))
+						elog(ERROR, "could not re-fetch previously fetched frame row");
 				if (!are_peers(winstate, slot, winstate->ss.ss_ScanTupleSlot))
 					return -1;
 			}
#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Ranier Vilela (#1)
Re: Fix misuse use of window_gettupleslot function (src/backend/executor/nodeWindowAgg.c)

Ranier Vilela <ranier.vf@gmail.com> writes:

Per Coverity.
CID 1635309: (#1 of 1): Unchecked return value (CHECKED_RETURN)
7. check_return: Calling window_gettupleslot without checking return value
(as is done elsewhere 8 out of 9 times).

Yeah, the security team's Coverity instance just whined about that
too. But isn't the correct behavior simply "return -1"? It looks
to me like a failure should be interpreted as "row doesn't exist,
therefore it's not in frame".

What would be really useful is a test case that reaches this
condition. That would make it plain what to do.

regards, tom lane

#3Ranier Vilela
Ranier Vilela
ranier.vf@gmail.com
In reply to: Tom Lane (#2)
1 attachment(s)
Re: Fix misuse use of window_gettupleslot function (src/backend/executor/nodeWindowAgg.c)

Em dom., 5 de out. de 2025 às 13:05, Tom Lane <tgl@sss.pgh.pa.us> escreveu:

Ranier Vilela <ranier.vf@gmail.com> writes:

Per Coverity.
CID 1635309: (#1 of 1): Unchecked return value (CHECKED_RETURN)
7. check_return: Calling window_gettupleslot without checking return

value

(as is done elsewhere 8 out of 9 times).

Yeah, the security team's Coverity instance just whined about that
too. But isn't the correct behavior simply "return -1"?

It seems to me a better option.

It looks
to me like a failure should be interpreted as "row doesn't exist,
therefore it's not in frame".

I also believe that the original author did not expect a failure here.

What would be really useful is a test case that reaches this
condition. That would make it plain what to do.

There is a comment above that indicates that possibly a failure could also
be the end of the partition.

v1 patch attached.

best regards,
Ranier Vilela

Attachments:

v1-fix-api-misuse-function-window_gettupleslot.patchapplication/octet-stream; name=v1-fix-api-misuse-function-window_gettupleslot.patchDownload
diff --git a/src/backend/executor/nodeWindowAgg.c b/src/backend/executor/nodeWindowAgg.c
index cf667c8121..f4030a9426 100644
--- a/src/backend/executor/nodeWindowAgg.c
+++ b/src/backend/executor/nodeWindowAgg.c
@@ -1502,7 +1502,8 @@ row_is_in_frame(WindowObject winobj, int64 pos, TupleTableSlot *slot,
 			if (pos > winstate->currentpos)
 			{
 				if (fetch_tuple)
-					window_gettupleslot(winobj, pos, slot);
+					if (!window_gettupleslot(winobj, pos, slot))
+						return -1;
 				if (!are_peers(winstate, slot, winstate->ss.ss_ScanTupleSlot))
 					return -1;
 			}
#4Ranier Vilela
Ranier Vilela
ranier.vf@gmail.com
In reply to: Ranier Vilela (#3)
Re: Fix misuse use of window_gettupleslot function (src/backend/executor/nodeWindowAgg.c)

Em seg., 6 de out. de 2025 às 08:33, Ranier Vilela <ranier.vf@gmail.com>
escreveu:

Em dom., 5 de out. de 2025 às 13:05, Tom Lane <tgl@sss.pgh.pa.us>
escreveu:

Ranier Vilela <ranier.vf@gmail.com> writes:

Per Coverity.
CID 1635309: (#1 of 1): Unchecked return value (CHECKED_RETURN)
7. check_return: Calling window_gettupleslot without checking return

value

(as is done elsewhere 8 out of 9 times).

Yeah, the security team's Coverity instance just whined about that
too. But isn't the correct behavior simply "return -1"?

It seems to me a better option.

It looks
to me like a failure should be interpreted as "row doesn't exist,
therefore it's not in frame".

I also believe that the original author did not expect a failure here.

What would be really useful is a test case that reaches this
condition. That would make it plain what to do.

There is a comment above that indicates that possibly a failure could also
be the end of the partition.

v1 patch attached.

It seems to me that this issue is being addressed in another thread. [1]/messages/by-id/20251002.211550.1475922457918078317.ishii@postgresql.org
I'll withdraw these patch.

best regards,
Ranier Vilela

[1]: /messages/by-id/20251002.211550.1475922457918078317.ishii@postgresql.org
/messages/by-id/20251002.211550.1475922457918078317.ishii@postgresql.org

← Back to Topics