BUG #13764: function ghstore_consistent() returns a wrong value if var "strategy" contains an unsupported number - Mailing list pgsql-bugs
From | rucsoftsec@163.com |
---|---|
Subject | BUG #13764: function ghstore_consistent() returns a wrong value if var "strategy" contains an unsupported number |
Date | |
Msg-id | 20151110030730.2573.7699@wrigleys.postgresql.org Whole thread Raw |
Responses |
Re: BUG #13764: function ghstore_consistent() returns a wrong value if var "strategy" contains an unsupported number
(Tom Lane <tgl@sss.pgh.pa.us>)
Re: BUG #13764: function ghstore_consistent() returns a wrong value if var "strategy" contains an unsupported number (Alvaro Herrera <alvherre@2ndquadrant.com>) |
List | pgsql-bugs |
The following bug has been logged on the website: Bug reference: 13764 Logged by: Zhang Yan Email address: rucsoftsec@163.com PostgreSQL version: 9.4.5 Operating system: Linux Mint 15 Description: function ghstore_consistent() computes the consistency and return a bool value. It first computes the value of variable "strategy". It second executes different branches of the code depending of different value of variable "straregy". When the value of variable"strategy" is an unsupported strategy number, function ghstore_consistent() will executes the code in line 584. It means function ghstore_consistent() fails, but the value of variable "res" is "true" which will be returned in line 586. Therefore, does it need to assign "false" to variable "res" after line 584? the related code snippets in ghstore_consistent() are as following: 483 Datum 484 ghstore_consistent(PG_FUNCTION_ARGS) 485 { 486 GISTTYPE *entry = (GISTTYPE *) DatumGetPointer(((GISTENTRY *) PG_GETARG_POINTER(0))->key); 487 StrategyNumber strategy = (StrategyNumber) PG_GETARG_UINT16(2); 488 489 /* Oid subtype = PG_GETARG_OID(3); */ 490 bool *recheck = (bool *) PG_GETARG_POINTER(4); 491 bool res = true; 492 BITVECP sign; 493 494 /* All cases served by this function are inexact */ 495 *recheck = true; 496 497 if (ISALLTRUE(entry)) 498 PG_RETURN_BOOL(true); 499 500 sign = GETSIGN(entry); 501 502 if (strategy == HStoreContainsStrategyNumber || 503 strategy == HStoreOldContainsStrategyNumber) 504 { 505 HStore *query = PG_GETARG_HS(1); 506 HEntry *qe = ARRPTR(query); 507 char *qv = STRPTR(query); 508 int count = HS_COUNT(query); 509 int i; 510 511 for (i = 0; res && i < count; ++i) 512 { 513 int crc = crc32_sz((char *) HS_KEY(qe, qv, i), HS_KEYLEN(qe, i)); 514 515 if (GETBIT(sign, HASHVAL(crc))) 516 { 517 if (!HS_VALISNULL(qe, i)) 518 { 519 crc = crc32_sz((char *) HS_VAL(qe, qv, i), HS_VALLEN(qe, i)); 520 if (!GETBIT(sign, HASHVAL(crc))) 521 res = false; 522 } 523 } 524 else 525 res = false; 526 } 527 } 528 else if (strategy == HStoreExistsStrategyNumber) 529 { 530 text *query = PG_GETARG_TEXT_PP(1); 531 int crc = crc32_sz(VARDATA_ANY(query), VARSIZE_ANY_EXHDR(query)); 532 533 res = (GETBIT(sign, HASHVAL(crc))) ? true : false; 534 } 535 else if (strategy == HStoreExistsAllStrategyNumber) 536 { 537 ArrayType *query = PG_GETARG_ARRAYTYPE_P(1); 538 Datum *key_datums; 539 bool *key_nulls; 540 int key_count; 541 int i; 542 543 deconstruct_array(query, 544 TEXTOID, -1, false, 'i', 545 &key_datums, &key_nulls, &key_count); 546 547 for (i = 0; res && i < key_count; ++i) 548 { 549 int crc; 550 551 if (key_nulls[i]) 552 continue; 553 crc = crc32_sz(VARDATA(key_datums[i]), VARSIZE(key_datums[i]) - VARHDRSZ); 554 if (!(GETBIT(sign, HASHVAL(crc)))) 555 res = FALSE; 556 } 557 } 558 else if (strategy == HStoreExistsAnyStrategyNumber) 559 { 560 ArrayType *query = PG_GETARG_ARRAYTYPE_P(1); 561 Datum *key_datums; 562 bool *key_nulls; 563 int key_count; 564 int i; 565 566 deconstruct_array(query, 567 TEXTOID, -1, false, 'i', 568 &key_datums, &key_nulls, &key_count); 569 570 res = FALSE; 571 572 for (i = 0; !res && i < key_count; ++i) 573 { 574 int crc; 575 576 if (key_nulls[i]) 577 continue; 578 crc = crc32_sz(VARDATA(key_datums[i]), VARSIZE(key_datums[i]) - VARHDRSZ); 579 if (GETBIT(sign, HASHVAL(crc))) 580 res = TRUE; 581 } 582 } 583 else 584 elog(ERROR, "Unsupported strategy number: %d", strategy); 585 586 PG_RETURN_BOOL(res); 587 }
pgsql-bugs by date: