Thread
-
Re: Fix bug of COPY (on_error set_null)
Chao Li <li.evan.chao@gmail.com> — 2026-05-18T22:22:15Z
> On May 16, 2026, at 13:17, jian he <jian.universality@gmail.com> wrote: > > On Fri, May 15, 2026 at 9:13 AM Chao Li <li.evan.chao@gmail.com> wrote: >> >> Hi, >> >> I just tested “Add COPY (column list) (on_error set_null) option”. While tracing a normal case, I found a mistake: >> >> In BeginCopyFrom(), cstate->domain_with_constraint is allocated using the length of the specified column list, and set using the index in that column list: >> ``` >> int attr_count = list_length(cstate->attnumlist); >> >> /* >> * When data type conversion fails and ON_ERROR is SET_NULL, we need >> * ensure that the input column allow null values. ExecConstraints() >> * will cover most of the cases, but it does not verify domain >> * constraints. Therefore, for constrained domains, the null value >> * check must be performed during the initial string-to-datum >> * conversion (see CopyFromTextLikeOneRow()). >> */ >> cstate->domain_with_constraint = palloc0_array(bool, attr_count); <== allocate with length of column list from SQL >> >> foreach_int(attno, cstate->attnumlist) >> { >> int i = foreach_current_index(attno); >> >> Form_pg_attribute att = TupleDescAttr(tupDesc, attno - 1); >> >> cstate->domain_with_constraint[i] = DomainHasConstraints(att->atttypid, NULL); <= set with index of column list from SQL >> } >> ``` >> >> However, cstate->domain_with_constraint is read in CopyFromTextLikeOneRow(), where it is accessed using the actual attribute number: >> ``` >> /* Loop to read the user attributes on the line. */ >> foreach(cur, cstate->attnumlist) >> { >> int attnum = lfirst_int(cur); >> int m = attnum - 1; >> >> ... >> if (!cstate->domain_with_constraint[m] || >> ``` >> >> So, if the column list specified in SQL is shorter than the table’s actual attribute list, this may cause an out-of-bounds read. >> > Hi. > > This appears to be the same issue as reported here: > https://postgr.es/m/CAHg+QDdej0c0gWJi2FnbirzhgzyZNPiTwC1P5B_-dSNCzq-91A@mail.gmail.com Thanks for pointing out that. I will review that patch. Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/