Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wP6MZ-000QyI-0c
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 18 May 2026 22:23:03 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1wP6MW-003KYC-0V
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 18 May 2026 22:23:01 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <li.evan.chao@gmail.com>)
	id 1wP6MV-003KY4-2k
	for pgsql-hackers@lists.postgresql.org;
	Mon, 18 May 2026 22:23:00 +0000
Received: from mail-pf1-x42c.google.com ([2607:f8b0:4864:20::42c])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <li.evan.chao@gmail.com>)
	id 1wP6MU-00000000GQm-0oAn
	for pgsql-hackers@postgresql.org;
	Mon, 18 May 2026 22:23:00 +0000
Received: by mail-pf1-x42c.google.com with SMTP id
 d2e1a72fcca58-83975e992e1so1089103b3a.2
        for <pgsql-hackers@postgresql.org>;
 Mon, 18 May 2026 15:22:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1779142976; x=1779747776;
 darn=postgresql.org;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=G1z2tvfsBlekAcARGuNv7KaKPnltDz+ZgA9vdZtEItA=;
        b=RaPGhrP2p5uKYWhQTwnabNOMo2piB1aTDFDtsIaY7SfnubiUkfxnIpOyGwdcnW0Je7
         OcAw1vylltIWxLJXN99WkdAUzeI3rFpSdu4oB15PvIGVFZC4h2cAHCCTBAJmYMhgY3PU
         wqSOfrLErw3HAY7p64hFpALcLA1KabKrXLSS86C44pB2kUjZDIq56kcZpYFcbnlwu4bB
         J1LJl1v+SLZCY6caK3y3h4lDFky4p1MBSKLv19iAMUSNXzL6835T1MzoC8RH9i+d22Cu
         WMLBL+ZMslbPjechs1NhsW+nIE7HNKoOyqbK6IP0kVlCgn+0iaxdDb0X6wAyMbJDRGuQ
         EHAg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779142976; x=1779747776;
        h=to:references:message-id:content-transfer-encoding:cc:date
         :in-reply-to:from:subject:mime-version:x-gm-gg:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=G1z2tvfsBlekAcARGuNv7KaKPnltDz+ZgA9vdZtEItA=;
        b=sbvRdt6lPZLNu3MhcTmUejQIn5PJzR7OwFfPdArxl2kEDPq3TiGq2mczwpNj39OdYE
         pzx/ZofUUbKx+AMpMP0OjYBqEYUMfZ8UEj+B9NzDCFUtQYJfgfXOEhB37Ckmbhma0EV6
         ArHPlgUTXCk9WrFrCsmMMq2Y4TgYTHiU7Qfo48aRxjKTLe+TxCaZJIJPjIhXxYLL3Pud
         rshqvyvH2gOGROAY1aj1v5DD4di5LkyhVbzigRA9DIS7Dt1uch8stkp5y0MeJsUNNVni
         sUIEi9FKZRzC3CfC3Is5/ebVpbsHJTc3vwgdw+gmk2DJ0n1pZ70GkW6UFi1K7agy9UhY
         iY5w==
X-Gm-Message-State: AOJu0YxjBN0yo4e0ouUTXj13se6vrFVdxfE+EZ7UyMyncJwsBnKPoxF2
	rVj9o7L6OaZDbLl2uXFEFqOZbVDzVCuavdLtHOlpvKoHIi3T6aiALY+d
X-Gm-Gg: Acq92OElp/4ehfHW/nL5ftmR1GTCNFUJi2vi4wHXUq6PCz1dFyB5ohc1y5Wrtcj1P5r
	a11v6rQXiUXTX5uxAbOctLl69Px4M5fmVdWoH5yW6Q8lSWHYiymcibf4AWQ/v3R3fdxNC7hSCj3
	y4hon6gGVvsq9yUneEip+54SfRoKzLrNYt416C+l/OXnTF/nrDcEbvMr1fk69w7Si11cJNQejHT
	0Ctg2bXCI109pDsrbaz4Jaikwh7aB16BpoFrkFrTEQqZLE5ZO2u3h2sttUNPIV4ijdCYYEGyaKS
	Jpu/USbjyVJQBCYb46oTq5YAYWGY28Vvf3QWDe7qgAV7JROZ9yVGIzyfr2HTg1qZ3IKJFAmMDMm
	mdOEwVOcJE354i4RBjLnPn2dskK1GP9WwQ+PWaaKKek+H+KnLunP4tjqWGNvaH8fY50pgNTuvU2
	1DQOCm31n2KkcakLD58UW0tmFyYNzwbhw=
X-Received: by 2002:a05:6a00:3992:b0:838:a46:ce96 with SMTP id
 d2e1a72fcca58-83f33c5e9c9mr17279244b3a.27.1779142975763;
        Mon, 18 May 2026 15:22:55 -0700 (PDT)
Received: from smtpclient.apple ([45.32.121.103])
        by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-83f196818efsm18928034b3a.16.2026.05.18.15.22.53
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 18 May 2026 15:22:55 -0700 (PDT)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.400.21\))
Subject: Re: Fix bug of COPY (on_error set_null)
From: Chao Li <li.evan.chao@gmail.com>
In-Reply-To: 
 <CACJufxHJikPdTV51qxWi5-rcva2-4Unhske80sESo+SQDyraDg@mail.gmail.com>
Date: Tue, 19 May 2026 06:22:15 +0800
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>,
 Peter Eisentraut <peter@eisentraut.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D685C94B-9178-4077-A313-80F125FCE196@gmail.com>
References: <90EF4FA7-9FE2-4EDE-AC04-C349487F7C2A@gmail.com>
 <CACJufxHJikPdTV51qxWi5-rcva2-4Unhske80sESo+SQDyraDg@mail.gmail.com>
To: jian he <jian.universality@gmail.com>
X-Mailer: Apple Mail (2.3864.400.21)
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/D685C94B-9178-4077-A313-80F125FCE196%40gmail.com>
Precedence: bulk



> On May 16, 2026, at 13:17, jian he <jian.universality@gmail.com> =
wrote:
>=20
> On Fri, May 15, 2026 at 9:13=E2=80=AFAM Chao Li =
<li.evan.chao@gmail.com> wrote:
>>=20
>> Hi,
>>=20
>> I just tested =E2=80=9CAdd COPY (column list) (on_error set_null) =
option=E2=80=9D. While tracing a normal case, I found a mistake:
>>=20
>> In BeginCopyFrom(), cstate->domain_with_constraint is allocated using =
the length of the specified column list, and set using the index in that =
column list:
>> ```
>>                int                     attr_count =3D =
list_length(cstate->attnumlist);
>>=20
>>                /*
>>                 * When data type conversion fails and ON_ERROR is =
SET_NULL, we need
>>                 * ensure that the input column allow null values.  =
ExecConstraints()
>>                 * will cover most of the cases, but it does not =
verify domain
>>                 * constraints.  Therefore, for constrained domains, =
the null value
>>                 * check must be performed during the initial =
string-to-datum
>>                 * conversion (see CopyFromTextLikeOneRow()).
>>                 */
>>                cstate->domain_with_constraint =3D palloc0_array(bool, =
attr_count); <=3D=3D allocate with length of column list from SQL
>>=20
>>                foreach_int(attno, cstate->attnumlist)
>>                {
>>                        int                     i =3D =
foreach_current_index(attno);
>>=20
>>                        Form_pg_attribute att =3D =
TupleDescAttr(tupDesc, attno - 1);
>>=20
>>                        cstate->domain_with_constraint[i] =3D =
DomainHasConstraints(att->atttypid, NULL); <=3D set with index of column =
list from SQL
>>                }
>> ```
>>=20
>> However, cstate->domain_with_constraint is read in =
CopyFromTextLikeOneRow(), where it is accessed using the actual =
attribute number:
>> ```
>>        /* Loop to read the user attributes on the line. */
>>        foreach(cur, cstate->attnumlist)
>>        {
>>                int                     attnum =3D lfirst_int(cur);
>>                int                     m =3D attnum - 1;
>>=20
>>        ...
>>                                if (!cstate->domain_with_constraint[m] =
||
>> ```
>>=20
>> So, if the column list specified in SQL is shorter than the table=E2=80=
=99s actual attribute list, this may cause an out-of-bounds read.
>>=20
> Hi.
>=20
> This appears to be the same issue as reported here:
> =
https://postgr.es/m/CAHg+QDdej0c0gWJi2FnbirzhgzyZNPiTwC1P5B_-dSNCzq-91A@ma=
il.gmail.com

Thanks for pointing out that. I will review that patch.

Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/