Fix trim_array() for zero-dimensional array argument.

tglsfdc · tglsfdc · commit 4ddfbd2a8ea9 · 2022-07-31T13:43:17.000-04:00
The code tried to access ARR_DIMS(v)[0] and ARR_LBOUND(v)[0] whether or not those values exist. This made the range check on the "n" argument unstable --- it might or might not fail, and if it did it would report garbage for the allowed upper limit. These bogus accesses would probably annoy Valgrind, and if you were very unlucky even lead to SIGSEGV. Report and fix by Martin Kalcher. Back-patch to v14 where this function was added. Discussion: https://postgr.es/m/baaeb413-b8a8-4656-5757-ef347e5ec11f@aboutsource.net
diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c
@@ -6839,7 +6839,7 @@ trim_array(PG_FUNCTION_ARGS)
 {
 	ArrayType  *v = PG_GETARG_ARRAYTYPE_P(0);
 	int			n = PG_GETARG_INT32(1);
-	int			array_length = ARR_DIMS(v)[0];
+	int			array_length = (ARR_NDIM(v) > 0) ? ARR_DIMS(v)[0] : 0;
 	int16		elmlen;
 	bool		elmbyval;
 	char		elmalign;
@@ -6859,8 +6859,11 @@ trim_array(PG_FUNCTION_ARGS)
 	/* Set all the bounds as unprovided except the first upper bound */
 	memset(lowerProvided, false, sizeof(lowerProvided));
 	memset(upperProvided, false, sizeof(upperProvided));
-	upper[0] = ARR_LBOUND(v)[0] + array_length - n - 1;
-	upperProvided[0] = true;
+	if (ARR_NDIM(v) > 0)
+	{
+		upper[0] = ARR_LBOUND(v)[0] + array_length - n - 1;
+		upperProvided[0] = true;
+	}
 
 	/* Fetch the needed information about the element type */
 	get_typlenbyvalalign(ARR_ELEMTYPE(v), &elmlen, &elmbyval, &elmalign);
diff --git a/src/test/regress/expected/arrays.out b/src/test/regress/expected/arrays.out
@@ -2445,3 +2445,5 @@ SELECT trim_array(ARRAY[1, 2, 3], -1); -- fail
 ERROR:  number of elements to trim must be between 0 and 3
 SELECT trim_array(ARRAY[1, 2, 3], 10); -- fail
 ERROR:  number of elements to trim must be between 0 and 3
+SELECT trim_array(ARRAY[]::int[], 1); -- fail
+ERROR:  number of elements to trim must be between 0 and 0
diff --git a/src/test/regress/sql/arrays.sql b/src/test/regress/sql/arrays.sql
@@ -754,3 +754,4 @@ FROM
 
 SELECT trim_array(ARRAY[1, 2, 3], -1); -- fail
 SELECT trim_array(ARRAY[1, 2, 3], 10); -- fail
+SELECT trim_array(ARRAY[]::int[], 1); -- fail

Original file line number	Diff line number	Diff line change
`@@ -754,3 +754,4 @@ FROM`
`754`	`754`
`755`	`755`	`SELECT trim_array(ARRAY[1, 2, 3], -1); -- fail`
`756`	`756`	`SELECT trim_array(ARRAY[1, 2, 3], 10); -- fail`
	`757`	`+SELECT trim_array(ARRAY[]::int[], 1); -- fail`