summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7cfe688)
raw | patch | inline | side by side (parent: 7cfe688)
| author | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 29 Jul 2022 17:30:50 +0000 (13:30 -0400) | ||
| committer | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 29 Jul 2022 17:30:50 +0000 (13:30 -0400) |
A RowExpr with more than MaxTupleAttributeNumber columns would fail at
execution anyway, since we cannot form a tuple datum with more than that
many columns. While heap_form_tuple() has a check for too many columns,
it emerges that there are some intermediate bits of code that don't
check and can be driven to failure with sufficiently many columns.
Checking this at parse time seems like the most appropriate place to
install a defense, since we already check SELECT list length there.
While at it, make the SELECT-list-length error use the same errcode
(TOO_MANY_COLUMNS) as heap_form_tuple does, rather than the generic
PROGRAM_LIMIT_EXCEEDED.
Per bug #17561 from Egor Chindyaskin. The given test case crashes
in all supported branches (and probably a lot further back),
so patch all.
Discussion: https://postgr.es/m/17561-80350151b9ad2ad4@postgresql.org
execution anyway, since we cannot form a tuple datum with more than that
many columns. While heap_form_tuple() has a check for too many columns,
it emerges that there are some intermediate bits of code that don't
check and can be driven to failure with sufficiently many columns.
Checking this at parse time seems like the most appropriate place to
install a defense, since we already check SELECT list length there.
While at it, make the SELECT-list-length error use the same errcode
(TOO_MANY_COLUMNS) as heap_form_tuple does, rather than the generic
PROGRAM_LIMIT_EXCEEDED.
Per bug #17561 from Egor Chindyaskin. The given test case crashes
in all supported branches (and probably a lot further back),
so patch all.
Discussion: https://postgr.es/m/17561-80350151b9ad2ad4@postgresql.org
| src/backend/parser/parse_expr.c | patch | blob | blame | history | |
| src/backend/parser/parse_node.c | patch | blob | blame | history |
index 0d108d0951698ec6342e4f225ffeae39bfca03c2..85c3aaa44272fe19aac8a1ab619df6ab32d6c316 100644 (file)
newr->args = transformExpressionList(pstate, r->args,
pstate->p_expr_kind, allowDefault);
+ /* Disallow more columns than will fit in a tuple */
+ if (list_length(newr->args) > MaxTupleAttributeNumber)
+ ereport(ERROR,
+ (errcode(ERRCODE_TOO_MANY_COLUMNS),
+ errmsg("ROW expressions can have at most %d entries",
+ MaxTupleAttributeNumber),
+ parser_errposition(pstate, r->location)));
+
/* Barring later casting, we consider the type RECORD */
newr->row_typeid = RECORDOID;
newr->row_format = COERCE_IMPLICIT_CAST;
index 6e98fe55fc471eea005ab881298111958fcd7c0d..7041862caa6c03fe4ab92f331f2971f3b18e3bcd 100644 (file)
*/
if (pstate->p_next_resno - 1 > MaxTupleAttributeNumber)
ereport(ERROR,
- (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ (errcode(ERRCODE_TOO_MANY_COLUMNS),
errmsg("target lists can have at most %d entries",
MaxTupleAttributeNumber)));