Closed RekGRpth closed 2 years ago
Hi,
The 1st one is for bool constants. Those can only have a finite number of values:
switch (expr->booltesttype)
{
case IS_TRUE:
constant = "TRUE::bool";
opoid = BooleanEqualOperator;
break;
case IS_FALSE:
constant = "FALSE::bool";
opoid = BooleanEqualOperator;
break;
case IS_NOT_TRUE:
constant = "TRUE::bool";
opoid = BooleanNotEqualOperator;
break;
case IS_NOT_FALSE:
constant = "FALSE::bool";
opoid = BooleanNotEqualOperator;
break;
case IS_UNKNOWN:
constant = "NULL::bool";
opoid = BooleanEqualOperator;
break;
case IS_NOT_UNKNOWN:
constant = "NULL::bool";
opoid = BooleanNotEqualOperator;
break;
default:
/* Bail out */
return NULL;
}
Given their content, they shouldn't contain multibytes caracters and even if they did they would still fit in the fixed 80B constant size. We can therefore simply use strncpy() without any risk. That being said it would be better to eventually use some safer API.
For the 2nd one, we do have to handle the possibility of truncating the constant (not breaking multibyte caracters) so we use a safer API where there's no risk of buffer overflow. Note that this was originally written as the 1st one using strncpy, and later changed with a safer API to handle multibyte truncation.
on first there is compiler warning
In function 'pgqs_process_booltest',
inlined from 'pgqs_whereclause_tree_walker' at pg_qualstats.c:1765:4:
pg_qualstats.c:1362:4: warning: 'strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
1362 | strncpy(entry->constvalue, utf8const, strlen(utf8const));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcc -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Werror=vla -Wendif-labels -Wmissing-format-attribute -Wimplicit-fallthrough=3 -Wcast-function-type -Wformat-security -fno-strict-aliasing -fwrapv -fexcess-precision=standard -Wno-format-truncation -Wno-stringop-truncation -O2 -fomit-frame-pointer -fPIC pg_qualstats.o -L/usr/lib -Wl,--as-needed,-O1,--sort-common -L/usr/lib/llvm12/lib -Wl,--as-needed -shared -o pg_qualstats.so
Ah indeed the length is wrong. Fortunately this can't lead to any bug right now but it should be fixed. Thanks for the report!
Commit https://github.com/powa-team/pg_qualstats/commit/69fe2d401611b87b05f343f8cf746b3638182b24 should fix that issue!
why different utf8const handling? https://github.com/powa-team/pg_qualstats/blob/75e1c0987cbcf30ed99c8b9726ee05b410e50e73/pg_qualstats.c#L1362 and https://github.com/powa-team/pg_qualstats/blob/75e1c0987cbcf30ed99c8b9726ee05b410e50e73/pg_qualstats.c#L1700