Re: [HACKERS] invalid UTF-8 via pl/perl

Sat, 02 Jan 2010 17:51:43 -0800 


Andrew Dunstan wrote:

 
I think the plperl glue code should check returned strings using 
pg_verifymbstr().






Please test this patch. I think we'd probably want to trap the encoding 
error and issue a customised error message, but this plugs all the holes 
I can see with the possible exception of values inserted via SPI calls. 
I'll check that out.


cheers

andrew

Index: src/pl/plperl/plperl.c
===================================================================
RCS file: /cvsroot/pgsql/src/pl/plperl/plperl.c,v
retrieving revision 1.157
diff -c -r1.157 plperl.c
*** src/pl/plperl/plperl.c	31 Dec 2009 19:41:37 -0000	1.157
--- src/pl/plperl/plperl.c	3 Jan 2010 01:37:33 -0000
***************
*** 630,636 ****
  					 errmsg("Perl hash contains nonexistent column \"%s\"",
  							key)));
  		if (SvOK(val))
! 			values[attn - 1] = SvPV(val, PL_na);
  	}
  	hv_iterinit(perlhash);
  
--- 630,642 ----
  					 errmsg("Perl hash contains nonexistent column \"%s\"",
  							key)));
  		if (SvOK(val))
! 		{
! 			char * aval;
! 
! 			aval = SvPV(val, PL_na);
! 			pg_verifymbstr(aval, strlen(aval), false);
! 			values[attn - 1] = aval;
! 		}
  	}
  	hv_iterinit(perlhash);
  
***************
*** 829,836 ****
  		atttypmod = tupdesc->attrs[attn - 1]->atttypmod;
  		if (SvOK(val))
  		{
  			modvalues[slotsused] = InputFunctionCall(&finfo,
! 													 SvPV(val, PL_na),
  													 typioparam,
  													 atttypmod);
  			modnulls[slotsused] = ' ';
--- 835,846 ----
  		atttypmod = tupdesc->attrs[attn - 1]->atttypmod;
  		if (SvOK(val))
  		{
+ 			char * aval;
+ 
+ 			aval = SvPV(val, PL_na);
+ 			pg_verifymbstr(aval,strlen(aval), false);
  			modvalues[slotsused] = InputFunctionCall(&finfo,
! 													 aval,
  													 typioparam,
  													 atttypmod);
  			modnulls[slotsused] = ' ';
***************
*** 1468,1474 ****
  		}
  
  		val = SvPV(perlret, PL_na);
! 
  		retval = InputFunctionCall(&prodesc->result_in_func, val,
  								   prodesc->result_typioparam, -1);
  	}
--- 1478,1484 ----
  		}
  
  		val = SvPV(perlret, PL_na);
! 		pg_verifymbstr(val, strlen(val), false);
  		retval = InputFunctionCall(&prodesc->result_in_func, val,
  								   prodesc->result_typioparam, -1);
  	}
***************
*** 2125,2131 ****
  			}
  
  			val = SvPV(sv, PL_na);
! 
  			ret = InputFunctionCall(&prodesc->result_in_func, val,
  									prodesc->result_typioparam, -1);
  			isNull = false;
--- 2135,2141 ----
  			}
  
  			val = SvPV(sv, PL_na);
! 			pg_verifymbstr(val, strlen(val), false);
  			ret = InputFunctionCall(&prodesc->result_in_func, val,
  									prodesc->result_typioparam, -1);
  			isNull = false;

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers






















					Reply via email to