summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 658e5d5)
raw | patch | inline | side by side (parent: 658e5d5)
| author | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 29 Jul 2022 17:30:50 +0000 (13:30 -0400) | ||
| committer | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 29 Jul 2022 17:30:50 +0000 (13:30 -0400) |
A RowExpr with more than MaxTupleAttributeNumber columns would fail at
execution anyway, since we cannot form a tuple datum with more than that
many columns. While heap_form_tuple() has a check for too many columns,
it emerges that there are some intermediate bits of code that don't
check and can be driven to failure with sufficiently many columns.
Checking this at parse time seems like the most appropriate place to
install a defense, since we already check SELECT list length there.
While at it, make the SELECT-list-length error use the same errcode
(TOO_MANY_COLUMNS) as heap_form_tuple does, rather than the generic
PROGRAM_LIMIT_EXCEEDED.
Per bug #17561 from Egor Chindyaskin. The given test case crashes
in all supported branches (and probably a lot further back),
so patch all.
Discussion: https://postgr.es/m/17561-80350151b9ad2ad4@postgresql.org
execution anyway, since we cannot form a tuple datum with more than that
many columns. While heap_form_tuple() has a check for too many columns,
it emerges that there are some intermediate bits of code that don't
check and can be driven to failure with sufficiently many columns.
Checking this at parse time seems like the most appropriate place to
install a defense, since we already check SELECT list length there.
While at it, make the SELECT-list-length error use the same errcode
(TOO_MANY_COLUMNS) as heap_form_tuple does, rather than the generic
PROGRAM_LIMIT_EXCEEDED.
Per bug #17561 from Egor Chindyaskin. The given test case crashes
in all supported branches (and probably a lot further back),
so patch all.
Discussion: https://postgr.es/m/17561-80350151b9ad2ad4@postgresql.org
| src/backend/parser/parse_expr.c | patch | blob | blame | history | |
| src/backend/parser/parse_node.c | patch | blob | blame | history |
index 97f535a2f00ff83ba13d0806e77a916c47a3c9e6..a903f7ab16d8b3cb9550cb52503bd6cf4d182a54 100644 (file)
newr->args = transformExpressionList(pstate, r->args,
pstate->p_expr_kind, allowDefault);
+ /* Disallow more columns than will fit in a tuple */
+ if (list_length(newr->args) > MaxTupleAttributeNumber)
+ ereport(ERROR,
+ (errcode(ERRCODE_TOO_MANY_COLUMNS),
+ errmsg("ROW expressions can have at most %d entries",
+ MaxTupleAttributeNumber),
+ parser_errposition(pstate, r->location)));
+
/* Barring later casting, we consider the type RECORD */
newr->row_typeid = RECORDOID;
newr->row_format = COERCE_IMPLICIT_CAST;
index 1baf7ef31f1608a5fda979b7ea577019b894daf1..d1e2a71f9e912573e05bd95f5ffdbb5424998b71 100644 (file)
*/
if (pstate->p_next_resno - 1 > MaxTupleAttributeNumber)
ereport(ERROR,
- (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
+ (errcode(ERRCODE_TOO_MANY_COLUMNS),
errmsg("target lists can have at most %d entries",
MaxTupleAttributeNumber)));