public inbox for [email protected]
help / color / mirror / Atom feedFrom: Chao Li <[email protected]>
To: jian he <[email protected]>
Cc: PostgreSQL-development <[email protected]>
Cc: Peter Eisentraut <[email protected]>
Subject: Re: Fix bug of COPY (on_error set_null)
Date: Tue, 19 May 2026 06:22:15 +0800
Message-ID: <[email protected]> (raw)
In-Reply-To: <CACJufxHJikPdTV51qxWi5-rcva2-4Unhske80sESo+SQDyraDg@mail.gmail.com>
References: <[email protected]>
<CACJufxHJikPdTV51qxWi5-rcva2-4Unhske80sESo+SQDyraDg@mail.gmail.com>
> On May 16, 2026, at 13:17, jian he <[email protected]> wrote:
>
> On Fri, May 15, 2026 at 9:13 AM Chao Li <[email protected]> wrote:
>>
>> Hi,
>>
>> I just tested “Add COPY (column list) (on_error set_null) option”. While tracing a normal case, I found a mistake:
>>
>> In BeginCopyFrom(), cstate->domain_with_constraint is allocated using the length of the specified column list, and set using the index in that column list:
>> ```
>> int attr_count = list_length(cstate->attnumlist);
>>
>> /*
>> * When data type conversion fails and ON_ERROR is SET_NULL, we need
>> * ensure that the input column allow null values. ExecConstraints()
>> * will cover most of the cases, but it does not verify domain
>> * constraints. Therefore, for constrained domains, the null value
>> * check must be performed during the initial string-to-datum
>> * conversion (see CopyFromTextLikeOneRow()).
>> */
>> cstate->domain_with_constraint = palloc0_array(bool, attr_count); <== allocate with length of column list from SQL
>>
>> foreach_int(attno, cstate->attnumlist)
>> {
>> int i = foreach_current_index(attno);
>>
>> Form_pg_attribute att = TupleDescAttr(tupDesc, attno - 1);
>>
>> cstate->domain_with_constraint[i] = DomainHasConstraints(att->atttypid, NULL); <= set with index of column list from SQL
>> }
>> ```
>>
>> However, cstate->domain_with_constraint is read in CopyFromTextLikeOneRow(), where it is accessed using the actual attribute number:
>> ```
>> /* Loop to read the user attributes on the line. */
>> foreach(cur, cstate->attnumlist)
>> {
>> int attnum = lfirst_int(cur);
>> int m = attnum - 1;
>>
>> ...
>> if (!cstate->domain_with_constraint[m] ||
>> ```
>>
>> So, if the column list specified in SQL is shorter than the table’s actual attribute list, this may cause an out-of-bounds read.
>>
> Hi.
>
> This appears to be the same issue as reported here:
> https://postgr.es/m/CAHg+QDdej0c0gWJi2FnbirzhgzyZNPiTwC1P5B_-dSNCzq-91A@mail.gmail.com
Thanks for pointing out that. I will review that patch.
Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Fix bug of COPY (on_error set_null)
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox