Re: pageinspect: add tuple_data_record()

Wed, 17 Oct 2018 18:02:13 -0700 

> I don't see why you'd get that error, if you re-add a column (with a
> different type), as I did above? Obviously the "replacement" column
> addition would need to be committed.
>

Here's my test case:
CREATE TABLE t3(i INTEGER);

BEGIN;
  ALTER TABLE t3 ADD COLUMN blarg INT;
  INSERT INTO t3(blarg) VALUES (132467890);
ROLLBACK;

ALTER TABLE t3 ADD COLUMN blarg TEXT;

SELECT *, tuple_data_split(
  't3'::regclass, t_data, t_infomask, t_infomask2, t_bits
) FROM heap_page_items(get_raw_page('t3', 0));

SELECT tdr.*, blarg IS NULL
FROM heap_page_items(get_raw_page('t3', 0))
LEFT JOIN LATERAL (
  SELECT *
  FROM tuple_data_record(
    't3'::regclass, t_data, t_infomask, t_infomask2, t_bits
  ) AS n(i INTEGER, blarg TEXT)
) tdr ON true;

DROP TABLE t3;

and here's the output:

CREATE TABLE
BEGIN
ALTER TABLE
INSERT 0 1
ROLLBACK
ALTER TABLE
psql:test.sql:12: ERROR:  unexpected end of tuple data
psql:test.sql:21: ERROR:  unexpected end of tuple data
DROP TABLE


> > That error (unexpected end of tuple data) should (at least in the
> non-TOAST
> > case)
> > prevent the bug of reading beyond the raw tuple data in memory, which
> would
> > be
> > the easiest way I could imagine to cause a serious problem.
>
> You don't need to read beyond the end of the data. You just need to do
> something like reinterpret types, where the original type looks enough
> like a toast header (e.g.) to cause problems.
>
>
> > Is there a case that could crash outside of a non-primitive type that has
> > unsafe data reading code?
>
> Just about anything that's not a fixed length type would be unsafe.
>

Let's use the example of TEXT (that isn't TOASTed). If some bytes
are incorrectly interpreted as variable length text, then you have two
possibilities that I can see:

1. The determined length is less than the fixed type's space, in which
case we get bogus interpretation but it is not unsafe.
2. The determined length is greater than the fixed type's space. In this
case we get either bogus interpretation (of data beyond the fixed type's
space) or we get an error (like above).

Assuming bounds checking disallows reading beyond the raw tuple
data, then I still do not understand how a variable length field like
text (outside of TOAST at least) could be actually unsafe. It obviously
could give bizarre data.

Reply via email to