Обсуждение: Assert fcinfo has enough args before allowing parameter access (was: Re: generate_series for timestamptz and time zone problem)

Поиск

Список

Период

Сортировка

Assert fcinfo has enough args before allowing parameter access (was: Re: generate_series for timestamptz and time zone problem)

От

Gurjeet Singh

Дата:

31 января 2023 г., 10:58:28

On Mon, Jan 30, 2023 at 11:50 PM Gurjeet Singh <gurjeet@singh.im> wrote:
> It was the classical case of out-of-bounds access.

> This mistake would've been caught early if there were assertions
> preventing access beyond the number of arguments passed to the
> function. I'll send the assert_enough_args.patch, that adds these
> checks, in a separate thread to avoid potentially confusing cfbot.

Please see attached the patch to that ensures we don't accidentally
access more parameters than that are passed to a SQL callable
function.

Best regards,
Gurjeet
http://Gurje.et

Вложения

assert_enough_args.patch

Re: Assert fcinfo has enough args before allowing parameter access (was: Re: generate_series for timestamptz and time zone problem)

От

Tom Lane

Дата:

31 января 2023 г., 17:45:56

Gurjeet Singh <gurjeet@singh.im> writes:
> Please see attached the patch to that ensures we don't accidentally
> access more parameters than that are passed to a SQL callable
> function.

I'm unexcited by that.  It'd add a pretty substantial amount
of code to catch an error that hardly anyone ever makes.

            regards, tom lane

Вход в личный кабинет

Восстановление пароля

Подтверждение аккаунта

Изменение пароля

Обсуждение: Assert fcinfo has enough args before allowing parameter access (was: Re: generate_series for timestamptz and time zone problem)

Assert fcinfo has enough args before allowing parameter access (was: Re: generate_series for timestamptz and time zone problem)

Вложения

Re: Assert fcinfo has enough args before allowing parameter access (was: Re: generate_series for timestamptz and time zone problem)