PostgreSQL Bugs

Collected from the PG bugs email list.

Bug ID: 16186
PG Version: 12.1
OS: Linux
Opened: 2020-01-06 02:52:51+00
Reported by: Jian Zhang
Status: New

Body of first available message related to this bug follows.

The following bug has been logged on the website:

Bug reference:      16186
Logged by:          Jian Zhang
Email address:      (redacted)
PostgreSQL version: 12.1
Operating system:   Linux
Description:        

We checked the code in file “pgbench.c” and there are three errors occurring
in lines 1900, 2100 and 2357 in function evalStandardFunc. All the three
errors are caused by the usage of variables with undefined values. Firstly,
in line 1900, the code is “if ((lval->type == PGBT_DOUBLE || rval->type ==
PGBT_DOUBLE) && func != PGBENCH_MOD)”. The pointer “lval” mentioned in this
line is defined by the code in line 1894 as “PgBenchValue *lval = &vargs[0],
*rval = &vargs[1];”, so it is assigned as the address of “vargs[0]”.
Secondly, in line 2100, the code is “if (varg->type == PGBT_INT)”. The
pointer “varg” mentioned in this line is defined by the code in line 2096:
“PgBenchValue *varg = &vargs[0];”, so it is also assigned as the address of
“vargs[0]”. Lastly, in line 2357, the code is “vargs[0].type ==
vargs[1].type &&vargs[0].u.bval == vargs[1].u.bval);”. The 1st and 2nd
elements of array “vargs” are directly used without confirming whether the
array is correctly defined or not. The array “vargs” is defined by the code
“PgBenchValue vargs[MAX_FARGS];” in line 1855 and is initialized in the
function of “evaluateExpr” in line 1861, the code is “if (!evaluateExpr(st,
l->expr, &vargs[nargs]))”. So the assignment of array “vargs” depends on
both the input pointer “st” and the pointer “l” defined by the input
parameter “args”. All the input parameters of function “evalStandardFunc”
are listed in line 1849. The code is “evalStandardFunc(CState *st,
PgBenchFunction func, PgBenchExprLink *args, PgBenchValue *retval)”. The
program should check the effectiveness of input parameters “st” and “args”
to avoid these three errors.
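
The access pattern the report describes, as an added example that is not part of the report or of pgbench's source: a fixed-size argument array is filled from a linked list, only the slots below nargs hold defined values, and the count is checked against what each function reads before vargs[0] or vargs[1] is dereferenced. The types, the function names and the required_args helper are hypothetical simplifications.

```c
#include <stddef.h>

#define MAX_FARGS 16

/* Hypothetical, simplified stand-ins; not pgbench's own types. */
typedef enum { V_INT, V_DOUBLE } ValueType;
typedef struct { ValueType type; union { long ival; double dval; } u; } Value;
typedef struct ArgLink { Value value; struct ArgLink *next; } ArgLink;
typedef enum { FN_ADD, FN_ABS } Func;

/* How many slots of vargs[] each function reads. */
static int required_args(Func f) { return f == FN_ADD ? 2 : 1; }

static double as_double(const Value *v)
{ return v->type == V_DOUBLE ? v->u.dval : (double) v->u.ival; }

/* Returns 0 on success, -1 when the argument list does not match the function. */
int eval_func(Func func, const ArgLink *args, Value *retval)
{
    Value vargs[MAX_FARGS];   /* stack array, not zeroed: slots >= nargs are undefined */
    int nargs = 0;

    if (retval == NULL) return -1;
    for (const ArgLink *l = args; l != NULL; l = l->next) {
        if (nargs >= MAX_FARGS) return -1;   /* never write past the array */
        vargs[nargs++] = l->value;
    }
    /* Reject a mismatched count before any slot is read. */
    if (nargs != required_args(func)) return -1;

    if (func == FN_ADD) {
        const Value *lval = &vargs[0], *rval = &vargs[1];
        if (lval->type == V_DOUBLE || rval->type == V_DOUBLE) {
            retval->type = V_DOUBLE;
            retval->u.dval = as_double(lval) + as_double(rval);
        } else {
            retval->type = V_INT;
            retval->u.ival = lval->u.ival + rval->u.ival;
        }
    } else {                  /* FN_ABS reads only vargs[0] */
        const Value *varg = &vargs[0];
        *retval = *varg;
        if (varg->type == V_INT && varg->u.ival < 0) retval->u.ival = -varg->u.ival;
        if (varg->type == V_DOUBLE && varg->u.dval < 0) retval->u.dval = -varg->u.dval;
    }
    return 0;
}
```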

Messages

Date                    Author                  Subject
2020-01-06 02:52:51+00  PG Bug reporting form   BUG #16186: The usage of undefined value in pgbench.c
2020-01-06 07:47:34+00  Fabien COELHO           Re: BUG #16186: The usage of undefined value in pgbench.c