Postgres Pro
Downloads
Home   >   mailing lists

Re: pageinspect: add tuple_data_record() - Mailing list pgsql-hackers

From James Coleman
Subject Re: pageinspect: add tuple_data_record()
Date
Msg-id CAAaqYe_Xn2EwGZPk7YSiL-Pzgj7GuBEWh7Sjz6gb07V=E4bWPQ@mail.gmail.com
Whole thread Raw
In response to Re: pageinspect: add tuple_data_record()  (Andres Freund <andres@anarazel.de>)
List pgsql-hackers
Tree view

I don't see why you'd get that error, if you re-add a column (with a
different type), as I did above? Obviously the "replacement" column
addition would need to be committed.

Here's my test case:
CREATE TABLE t3(i INTEGER);

BEGIN;
  ALTER TABLE t3 ADD COLUMN blarg INT;
  INSERT INTO t3(blarg) VALUES (132467890);
ROLLBACK;

ALTER TABLE t3 ADD COLUMN blarg TEXT;

SELECT *, tuple_data_split(
  't3'::regclass, t_data, t_infomask, t_infomask2, t_bits
) FROM heap_page_items(get_raw_page('t3', 0));

SELECT tdr.*, blarg IS NULL
FROM heap_page_items(get_raw_page('t3', 0))
LEFT JOIN LATERAL (
  SELECT *
  FROM tuple_data_record(
    't3'::regclass, t_data, t_infomask, t_infomask2, t_bits
  ) AS n(i INTEGER, blarg TEXT)
) tdr ON true;

DROP TABLE t3;

and here's the output:

CREATE TABLE
BEGIN
ALTER TABLE
INSERT 0 1
ROLLBACK
ALTER TABLE
psql:test.sql:12: ERROR:  unexpected end of tuple data
psql:test.sql:21: ERROR:  unexpected end of tuple data
DROP TABLE
 
> That error (unexpected end of tuple data) should (at least in the non-TOAST
> case)
> prevent the bug of reading beyond the raw tuple data in memory, which would
> be
> the easiest way I could imagine to cause a serious problem.

You don't need to read beyond the end of the data. You just need to do
something like reinterpret types, where the original type looks enough
like a toast header (e.g.) to cause problems.


> Is there a case that could crash outside of a non-primitive type that has
> unsafe data reading code?

Just about anything that's not a fixed length type would be unsafe.

Let's use the example of TEXT (that isn't TOASTed). If some bytes
are incorrectly interpreted as variable length text, then you have two
possibilities that I can see:

1. The determined length is less than the fixed type's space, in which
case we get bogus interpretation but it is not unsafe.
2. The determined length is greater than the fixed type's space. In this
case we get either bogus interpretation (of data beyond the fixed type's
space) or we get an error (like above).

Assuming bounds checking disallows reading beyond the raw tuple
data, then I still do not understand how a variable length field like
text (outside of TOAST at least) could be actually unsafe. It obviously
could give bizarre data. 

pgsql-hackers by date:

Previous
From: Thomas Munro
Date:
Subject: Re: DSM robustness failure (was Re: Peripatus/failures)
Next
From: Larry Rosenman
Date:
Subject: Re: DSM robustness failure (was Re: Peripatus/failures)