From 7bed97d486bda5761ba7e7982e4133aeded6b852 Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Mon, 5 Oct 2015 10:06:30 -0400 Subject: [PATCH] Prevent stack overflow in query-type functions. The tsquery, ltxtquery and query_int data types have a common ancestor. Having acquired check_stack_depth() calls independently, each was missing at least one call. Back-patch to 9.0 (all supported versions). --- contrib/intarray/_int_bool.c | 3 +++ contrib/ltree/ltxtquery_io.c | 3 +++ contrib/ltree/ltxtquery_op.c | 4 ++++ src/backend/utils/adt/tsquery_cleanup.c | 3 +++ 4 files changed, 13 insertions(+) diff --git a/contrib/intarray/_int_bool.c b/contrib/intarray/_int_bool.c index c3c39d194b..5d9e676660 100644 --- a/contrib/intarray/_int_bool.c +++ b/contrib/intarray/_int_bool.c @@ -564,6 +564,9 @@ typedef struct static void infix(INFIX *in, bool first) { + /* since this function recurses, it could be driven to stack overflow. */ + check_stack_depth(); + if (in->curpol->type == VAL) { RESIZEBUF(in, 11); diff --git a/contrib/ltree/ltxtquery_io.c b/contrib/ltree/ltxtquery_io.c index ddc63d7b66..74010f3cef 100644 --- a/contrib/ltree/ltxtquery_io.c +++ b/contrib/ltree/ltxtquery_io.c @@ -416,6 +416,9 @@ while( ( (inf)->cur - (inf)->buf ) + (addsize) + 1 >= (inf)->buflen ) \ static void infix(INFIX *in, bool first) { + /* since this function recurses, it could be driven to stack overflow. */ + check_stack_depth(); + if (in->curpol->type == VAL) { char *op = in->op + in->curpol->distance; diff --git a/contrib/ltree/ltxtquery_op.c b/contrib/ltree/ltxtquery_op.c index 64f9d219f7..1428c8b478 100644 --- a/contrib/ltree/ltxtquery_op.c +++ b/contrib/ltree/ltxtquery_op.c @@ -8,6 +8,7 @@ #include #include "ltree.h" +#include "miscadmin.h" PG_FUNCTION_INFO_V1(ltxtq_exec); PG_FUNCTION_INFO_V1(ltxtq_rexec); 
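Review bot: The comment added at the top of `infix()` in contrib/intarray/_int_bool.c says the function "could be driven to stack overflow" without saying what drives it. The same wording is repeated in the `infix()` hunk for contrib/ltree/ltxtquery_io.c, in `ltree_execute()` and in `maketree()`. Going by the commit message, the depth presumably follows the nesting of a user-supplied query value, so I would state that: `/* recursion depth follows the nesting of the query value; error out before the stack is exhausted */`. The diffstat lists only the four source files, so nothing in this commit pins the new behaviour with a regression test for any of the three types. The body of `infix()` continues outside the hunk.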
@@ -18,6 +19,9 @@ PG_FUNCTION_INFO_V1(ltxtq_rexec); bool ltree_execute(ITEM *curitem, void *checkval, bool calcnot, bool (*chkcond) (void *checkval, ITEM *val)) { + /* since this function recurses, it could be driven to stack overflow */ + check_stack_depth(); + if (curitem->type == VAL) return (*chkcond) (checkval, curitem); else if (curitem->val == (int32) '!') diff --git a/src/backend/utils/adt/tsquery_cleanup.c b/src/backend/utils/adt/tsquery_cleanup.c index 2545f4eea7..b841006dd0 100644 --- a/src/backend/utils/adt/tsquery_cleanup.c +++ b/src/backend/utils/adt/tsquery_cleanup.c @@ -33,6 +33,9 @@ maketree(QueryItem *in) { NODE *node = (NODE *) palloc(sizeof(NODE)); + /* since this function recurses, it could be driven to stack overflow. */ + check_stack_depth(); + node->valnode = in; node->right = node->left = NULL; if (in->type == QI_OPR)
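Review bot: In `maketree()` the new `check_stack_depth()` call sits after `palloc(sizeof(NODE))`, so each recursion level allocates its node before the depth guard runs. In the other three functions touched by this patch the guard is the first statement. The allocation is presumably released with its memory context when the guard raises an error, so this is a matter of ordering and consistency rather than a leak. I would declare `NODE *node;`, call `check_stack_depth();`, and only then assign `node = (NODE *) palloc(sizeof(NODE));`. The rest of `maketree()` lies outside the hunk.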