Re: pg17.3 PQescapeIdentifier() ignores len
Ranier Vilela <ranier.vf@gmail.com>
From: Ranier Vilela <ranier.vf@gmail.com>
To: Justin Pryzby <pryzby@telsasoft.com>
Cc: pgsql-hackers@lists.postgresql.org
Date: 2025-02-13T16:59:17Z
Lists: pgsql-hackers
Em qui., 13 de fev. de 2025 às 13:51, Justin Pryzby <pryzby@telsasoft.com>
escreveu:
> I found errors in our sql log after upgrading to 17.3.
>
> error_severity | ERROR
> message | schema
> "rptcache.44e3955c33bb79f55750897da0c5ab1fa2004af1_20250214" does not exist
> query | copy
> "rptcache.44e3955c33bb79f55750897da0c5ab1fa2004af1_20250214"."44e3955c33bb79f55750897da0c5ab1fa2004af1_20250214"
> from stdin
>
> The copy command is from pygresql's inserttable(), which does:
>
> do {
> t = strchr(s, '.');
> if (!t)
> t = s + strlen(s);
> table = PQescapeIdentifier(self->cnx, s, (size_t)(t - s));
> fprintf(stderr, "table %s len %ld => %s\n", s, t-s, table);
> if (bufpt < bufmax)
> bufpt += snprintf(bufpt, (size_t)(bufmax - bufpt), "%s",
> table);
> PQfreemem(table);
> s = t;
> if (*s && bufpt < bufmax)
> *bufpt++ = *s++;
> } while (*s);
>
> The fprintf suggests that since 5dc1e42b4 PQescapeIdentifier ignores its
> len.
>
Interesting, Coverity has some new reports regarding PQescapeIdentifier.
CID 1591290: (#1 of 1): Out-of-bounds access (OVERRUN)
2. alloc_strlen: Allocating insufficient memory for the terminating null of
the string. [Note: The source code implementation of the function has been
overridden by a builtin model.]
Until now, I was in disbelief.
best regards,
Ranier Vilela
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Fix PQescapeLiteral()/PQescapeIdentifier() length handling
- 1f7a05324524 13.20 landed
- 985908df1811 14.17 landed
- 22ffbbf24db4 15.12 landed
- 111f4dd273c8 16.8 landed
- a92db3d02dbd 17.4 landed
- efdadeb2238f 18.0 landed