| From: | Amit Langote <amitlangote09(at)gmail(dot)com> |
|---|---|
| To: | Evan Montgomery-Recht <montge(at)mianetworks(dot)net> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Eliminating SPI / SQL from some RI triggers - take 3 |
| Date: | 2026-04-09 09:29:04 |
| Message-ID: | CA+HiwqETMt=g7BHx3Hf+H4Rtpw836+65O5dwgTaCAWqd_N4UoQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Apr 8, 2026 at 10:23 AM Amit Langote <amitlangote09(at)gmail(dot)com> wrote:
> On Tue, Apr 7, 2026 at 10:00 PM Evan Montgomery-Recht
> <montge(at)mianetworks(dot)net> wrote:
> > Unrelated to my patch, SonarCloud flagged a potential issue in
> > recheck_matched_pk_tuple() (line 3370): the function loops over
> > ii_NumIndexKeyAttrs elements of the skeys array, but the caller in
> > ri_FastPathFlushArray passes recheck_skey[1] -- an array of exactly
> > one element. This is safe because ri_FastPathFlushArray is the
> >
> > single-column FK path, so ii_NumIndexKeyAttrs is always 1 there.
> > However, the function signature doesn't communicate this constraint,
> > which flags as CWE-125 (out-of-bounds read) / CERT C ARR30-C. Adding
> > an nkeys parameter (like ri_FastPathProbeOne already has) would make
> > the contract explicit.
>
> Makes sense. Will push the attached patch for this.
Pushed this fix.
--
Thanks, Amit Langote
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Evgeny Voropaev | 2026-04-09 10:00:10 | Re: Compress prune/freeze records with Delta Frame of Reference algorithm |
| Previous Message | Andrew Dunstan | 2026-04-09 09:27:36 | Re: Reduce timing overhead of EXPLAIN ANALYZE using rdtsc? |