From: Noah Misch <noah@leadboat.com>
Date: Mon, 5 Oct 2015 14:06:30 +0000 (-0400)
Subject: Prevent stack overflow in query-type functions.
X-Git-Tag: REL9_0_23~5
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=682a25d41c8a0e8425bf27453f49add24a047c09;p=postgresql

Prevent stack overflow in query-type functions.

The tsquery, ltxtquery and query_int data types have a common ancestor.
Having acquired check_stack_depth() calls independently, each was
missing at least one call.  Back-patch to 9.0 (all supported versions).
---

diff --git a/contrib/intarray/_int_bool.c b/contrib/intarray/_int_bool.c
index 57c0219836..1e971fc98e 100644
--- a/contrib/intarray/_int_bool.c
+++ b/contrib/intarray/_int_bool.c
@@ -541,6 +541,9 @@ typedef struct
 static void
 infix(INFIX *in, bool first)
 {
+	/* since this function recurses, it could be driven to stack overflow. */
+	check_stack_depth();
+
 	if (in->curpol->type == VAL)
 	{
 		RESIZEBUF(in, 11);
diff --git a/contrib/ltree/ltxtquery_io.c b/contrib/ltree/ltxtquery_io.c
index 2cbcc89f50..34a6a1c5f4 100644
--- a/contrib/ltree/ltxtquery_io.c
+++ b/contrib/ltree/ltxtquery_io.c
@@ -420,6 +420,9 @@ while( ( (inf)->cur - (inf)->buf ) + (addsize) + 1 >= (inf)->buflen ) \
 static void
 infix(INFIX *in, bool first)
 {
+	/* since this function recurses, it could be driven to stack overflow. */
+	check_stack_depth();
+
 	if (in->curpol->type == VAL)
 	{
 		char	   *op = in->op + in->curpol->distance;
diff --git a/contrib/ltree/ltxtquery_op.c b/contrib/ltree/ltxtquery_op.c
index 559c05e2bf..c77e856953 100644
--- a/contrib/ltree/ltxtquery_op.c
+++ b/contrib/ltree/ltxtquery_op.c
@@ -8,6 +8,7 @@
 #include <ctype.h>
 
 #include "ltree.h"
+#include "miscadmin.h"
 
 PG_FUNCTION_INFO_V1(ltxtq_exec);
 PG_FUNCTION_INFO_V1(ltxtq_rexec);
@@ -18,6 +19,9 @@ PG_FUNCTION_INFO_V1(ltxtq_rexec);
 bool
 ltree_execute(ITEM *curitem, void *checkval, bool calcnot, bool (*chkcond) (void *checkval, ITEM *val))
 {
+	/* since this function recurses, it could be driven to stack overflow */
+	check_stack_depth();
+
 	if (curitem->type == VAL)
 		return (*chkcond) (checkval, curitem);
 	else if (curitem->val == (int4) '!')
diff --git a/src/backend/utils/adt/tsquery_cleanup.c b/src/backend/utils/adt/tsquery_cleanup.c
index 2ffa241cf8..ff698f918e 100644
--- a/src/backend/utils/adt/tsquery_cleanup.c
+++ b/src/backend/utils/adt/tsquery_cleanup.c
@@ -34,6 +34,9 @@ maketree(QueryItem *in)
 {
 	NODE	   *node = (NODE *) palloc(sizeof(NODE));
 
+	/* since this function recurses, it could be driven to stack overflow. */
+	check_stack_depth();
+
 	node->valnode = in;
 	node->right = node->left = NULL;
 	if (in->type == QI_OPR)