From 0a52d378b03b7d5ab1d64627a87edaf5ed311c6c Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sat, 27 Jun 2015 17:47:39 -0400 Subject: [PATCH] Avoid passing NULL to memcmp() in lookups of zero-argument functions. A few places assumed they could pass NULL for the argtypes array when looking up functions known to have zero arguments. At first glance it seems that this should be safe enough, since memcmp() is surely not allowed to fetch any bytes if its count argument is zero. However, close reading of the C standard says that such calls have undefined behavior, so we'd probably best avoid it. Since the number of places doing this is quite small, and some other places looking up zero-argument functions were already passing dummy arrays, let's standardize on the latter solution rather than hacking the function lookup code to avoid calling memcmp() in these cases. I also added Asserts to catch any future violations of the new rule. Given the utter lack of any evidence that this actually causes any problems in the field, I don't feel a need to back-patch this change. Per report from Piotr Stefaniak, though this is not his patch. --- src/backend/commands/event_trigger.c | 3 ++- src/backend/commands/foreigncmds.c | 3 ++- src/backend/parser/parse_func.c | 6 ++++++ src/backend/utils/adt/ruleutils.c | 3 ++- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c index cc10c5eb1d..bf40881037 100644 --- a/src/backend/commands/event_trigger.c +++ b/src/backend/commands/event_trigger.c @@ -165,6 +165,7 @@ CreateEventTrigger(CreateEventTrigStmt *stmt) HeapTuple tuple; Oid funcoid; Oid funcrettype; + Oid fargtypes[1]; /* dummy */ Oid evtowner = GetUserId(); ListCell *lc; List *tags = NULL; @@ -230,7 +231,7 @@ CreateEventTrigger(CreateEventTrigStmt *stmt) stmt->trigname))); /* Find and validate the trigger function. */ - funcoid = LookupFuncName(stmt->funcname, 0, NULL, false); + funcoid = LookupFuncName(stmt->funcname, 0, fargtypes, false); funcrettype = get_func_rettype(funcoid); if (funcrettype != EVTTRIGGEROID) ereport(ERROR, diff --git a/src/backend/commands/foreigncmds.c b/src/backend/commands/foreigncmds.c index 3b85c2c017..cc912b2a79 100644 --- a/src/backend/commands/foreigncmds.c +++ b/src/backend/commands/foreigncmds.c @@ -474,12 +474,13 @@ static Oid lookup_fdw_handler_func(DefElem *handler) { Oid handlerOid; + Oid funcargtypes[1]; /* dummy */ if (handler == NULL || handler->arg == NULL) return InvalidOid; /* handlers have no arguments */ - handlerOid = LookupFuncName((List *) handler->arg, 0, NULL, false); + handlerOid = LookupFuncName((List *) handler->arg, 0, funcargtypes, false); /* check that handler has correct return type */ if (get_func_rettype(handlerOid) != FDW_HANDLEROID) diff --git a/src/backend/parser/parse_func.c b/src/backend/parser/parse_func.c index fa9761bac3..430baff116 100644 --- a/src/backend/parser/parse_func.c +++ b/src/backend/parser/parse_func.c @@ -1415,6 +1415,9 @@ func_get_detail(List *funcname, FuncCandidateList raw_candidates; FuncCandidateList best_candidate; + /* Passing NULL for argtypes is no longer allowed */ + Assert(argtypes); + /* initialize output arguments to silence compiler warnings */ *funcid = InvalidOid; *rettype = InvalidOid; @@ -2043,6 +2046,9 @@ LookupFuncName(List *funcname, int nargs, const Oid *argtypes, bool noError) { FuncCandidateList clist; + /* Passing NULL for argtypes is no longer allowed */ + Assert(argtypes); + clist = FuncnameGetCandidates(funcname, nargs, NIL, false, false, noError); while (clist) diff --git a/src/backend/utils/adt/ruleutils.c b/src/backend/utils/adt/ruleutils.c index e316951cf3..2cd4b62701 100644 --- a/src/backend/utils/adt/ruleutils.c +++ b/src/backend/utils/adt/ruleutils.c @@ -718,6 +718,7 @@ pg_get_triggerdef_worker(Oid trigid, bool pretty) SysScanDesc tgscan; int findx = 0; char *tgname; + Oid argtypes[1]; /* dummy */ Datum value; bool isnull; @@ -893,7 +894,7 @@ pg_get_triggerdef_worker(Oid trigid, bool pretty) appendStringInfo(&buf, "EXECUTE PROCEDURE %s(", generate_function_name(trigrec->tgfoid, 0, - NIL, NULL, + NIL, argtypes, false, NULL, EXPR_KIND_NONE)); if (trigrec->tgnargs > 0)