Re: Server may segfault when using slices on int2vector - Mailing list pgsql-bugs
| From | Ronan Dunklau |
|---|---|
| Subject | Re: Server may segfault when using slices on int2vector |
| Date | |
| Msg-id | 4748023.maNicuM2Tz@ronan_laptop Whole thread Raw |
| In response to | Re: Server may segfault when using slices on int2vector (Tom Lane <tgl@sss.pgh.pa.us>) |
| List | pgsql-bugs |
Le samedi 23 novembre 2013 15:39:39 Tom Lane a =E9crit :
> Heikki Linnakangas <hlinnakangas@vmware.com> writes:
> > On 19.11.2013 16:24, Ronan Dunklau wrote:
> >> [ this crashes: ]
> >> select
> >> a.indkey[1:3],
> >> a.indkey[1:2]
> >> from pg_index as a
> >=20
> > I don't think it's safe to allow slicing int2vectors (nor oidvector=
s).
> > It seems all too likely that the result violates the limitations of=
> > int2vector. In addition to that segfault, the array returned is 1-b=
ased,
> > not 0-based as we assume for int2vectors. One consequence of that i=
s
> > that if you COPY the value out in binary format and try to read it =
back,
> > you'll get an error.
> >=20
> > So I think we should just not allow slicing oidvectors, and throw a=
n
> > error. You can cast from int2vector to int2[], and slice and dice t=
hat
> > as much as you want, so it's not a big loss in functionality.
>=20
> I think more useful is to automatically cast up to int2[], rather tha=
n
> make the user write something as ugly as "(a.indkey::int2[])[1:3]".
> This case is really pretty similar to what we have to do when handlin=
g
> domains over arrays; int2vector could be thought of as a domain over
> int2[] that constrains the allowed subscripting. And what we do for
> those is automatically cast up.
>=20
> With that thought in mind, I tried tweaking transformArrayType() to
> auto-cast int2vector and oidvector to int2[] and oid[]. That resolve=
s
> this crash without throwing an error. On the other hand, it causes
> assignment to an element or slice of these types to throw an error, w=
hich
> strikes me as a Good Thing because otherwise such an assignment could=
> likewise result in a value violating the subscript constraints of the=
se
> types. We could if we liked fix that by providing a cast from int2[]=
to
> int2vector that checks the subscript constraints, but like you I'm no=
t
> thinking it's worth the trouble. There are certainly no cases in the=
> system catalogs where we want to support such manual assignments.
>=20
> While testing that I discovered an independent bug in
> transformAssignmentSubscripts: the "probably shouldn't fail" error
> reporting code doesn't work because "result" has already been set to =
NULL.
> We should fix that as per attached whether or not we choose to resolv=
e
> Ronan's bug this way.
>=20
> The attached patch is just a quick draft for testing; it needs more w=
ork
> on the nearby comments, and the OIDs of int2[] and oid[] should be na=
med
> by #define's in pg_type.h not by literal constants. If there are no
> objections, I'll clean it up and commit.
>=20
> =09=09=09regards, tom lane
Thank you for the match, I saw it got commited.
I have some more questions, however not directly related to this bug.
Casting from int2vector to int2[] returns a zero-indexed array, but sli=
cing an=20
int2vector returns a one-indexed array. This behavior is consistent wit=
h=20
slicing in general, which always returns 1 indexed arrays, but I found =
it=20
surprising, especially when writing a query like this:
select ('1 2'::int2vector)[0:1] =3D ('1 2'::int2vector)::int2[];
I would have expected to return true, but it actually isn't because one=
array=20
is zero-indexed and the other one is not.
Is there a more convenient way to change the lower bound of an array th=
an to=20
slice it ?
Thank you very much.
--=20
Ronan Dunklau
http://dalibo.com - http://dalibo.org
pgsql-bugs by date: