Thread

  1. Re: Fix bug of COPY (on_error set_null)

    Chao Li <li.evan.chao@gmail.com> — 2026-05-18T22:22:15Z

    
    > On May 16, 2026, at 13:17, jian he <jian.universality@gmail.com> wrote:
    > 
    > On Fri, May 15, 2026 at 9:13 AM Chao Li <li.evan.chao@gmail.com> wrote:
    >> 
    >> Hi,
    >> 
    >> I just tested “Add COPY (column list) (on_error set_null) option”. While tracing a normal case, I found a mistake:
    >> 
    >> In BeginCopyFrom(), cstate->domain_with_constraint is allocated using the length of the specified column list, and set using the index in that column list:
    >> ```
    >>                int                     attr_count = list_length(cstate->attnumlist);
    >> 
    >>                /*
    >>                 * When data type conversion fails and ON_ERROR is SET_NULL, we need
    >>                 * ensure that the input column allow null values.  ExecConstraints()
    >>                 * will cover most of the cases, but it does not verify domain
    >>                 * constraints.  Therefore, for constrained domains, the null value
    >>                 * check must be performed during the initial string-to-datum
    >>                 * conversion (see CopyFromTextLikeOneRow()).
    >>                 */
    >>                cstate->domain_with_constraint = palloc0_array(bool, attr_count); <== allocate with length of column list from SQL
    >> 
    >>                foreach_int(attno, cstate->attnumlist)
    >>                {
    >>                        int                     i = foreach_current_index(attno);
    >> 
    >>                        Form_pg_attribute att = TupleDescAttr(tupDesc, attno - 1);
    >> 
    >>                        cstate->domain_with_constraint[i] = DomainHasConstraints(att->atttypid, NULL); <= set with index of column list from SQL
    >>                }
    >> ```
    >> 
    >> However, cstate->domain_with_constraint is read in CopyFromTextLikeOneRow(), where it is accessed using the actual attribute number:
    >> ```
    >>        /* Loop to read the user attributes on the line. */
    >>        foreach(cur, cstate->attnumlist)
    >>        {
    >>                int                     attnum = lfirst_int(cur);
    >>                int                     m = attnum - 1;
    >> 
    >>        ...
    >>                                if (!cstate->domain_with_constraint[m] ||
    >> ```
    >> 
    >> So, if the column list specified in SQL is shorter than the table’s actual attribute list, this may cause an out-of-bounds read.
    >> 
    > Hi.
    > 
    > This appears to be the same issue as reported here:
    > https://postgr.es/m/CAHg+QDdej0c0gWJi2FnbirzhgzyZNPiTwC1P5B_-dSNCzq-91A@mail.gmail.com
    
    Thanks for pointing out that. I will review that patch.
    
    Best regards,
    --
    Chao Li (Evan)
    HighGo Software Co., Ltd.
    https://www.highgo.com/