Skip to content

Commit 9c2e660

Browse files
peterepetere
committed
Limit max parameter number with MaxAllocSize
MaxAllocSize puts an upper bound on the largest possible parameter number ($268435455). Use that limit instead of INT_MAX to report that no parameters exist beyond that point instead of reporting an error about the maximum allocation size being exceeded. Author: Erik Wienhold <ewie@ewie.name> Discussion: https://www.postgresql.org/message-id/flat/5d216d1c-91f6-4cbe-95e2-b4cbd930520c@ewie.name
1 parent d35cd06 commit 9c2e660

File tree

3 files changed

+10
-1
lines changed

3 files changed

+10
-1
lines changed

src/backend/parser/parse_param.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@
3131
#include "parser/parse_param.h"
3232
#include "utils/builtins.h"
3333
#include "utils/lsyscache.h"
34+
#include "utils/memutils.h"
3435

3536

3637
typedef struct FixedParamState
@@ -136,7 +137,7 @@ variable_paramref_hook(ParseState *pstate, ParamRef *pref)
136137
Param *param;
137138

138139
/* Check parameter number is in range */
139-
if (paramno <= 0 || paramno > INT_MAX / sizeof(Oid))
140+
if (paramno <= 0 || paramno > MaxAllocSize / sizeof(Oid))
140141
ereport(ERROR,
141142
(errcode(ERRCODE_UNDEFINED_PARAMETER),
142143
errmsg("there is no parameter $%d", paramno),

src/test/regress/expected/prepare.out

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -184,6 +184,11 @@ SELECT name, statement, parameter_types, result_types FROM pg_prepared_statement
184184
| UPDATE tenk1 SET stringu1 = $2 WHERE unique1 = $1; | |
185185
(6 rows)
186186

187+
-- max parameter number and one above
188+
PREPARE q9 AS SELECT $268435455, $268435456;
189+
ERROR: there is no parameter $268435456
190+
LINE 1: PREPARE q9 AS SELECT $268435455, $268435456;
191+
^
187192
-- test DEALLOCATE ALL;
188193
DEALLOCATE ALL;
189194
SELECT name, statement, parameter_types FROM pg_prepared_statements

src/test/regress/sql/prepare.sql

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,9 @@ PREPARE q8 AS
7878
SELECT name, statement, parameter_types, result_types FROM pg_prepared_statements
7979
ORDER BY name;
8080

81+
-- max parameter number and one above
82+
PREPARE q9 AS SELECT $268435455, $268435456;
83+
8184
-- test DEALLOCATE ALL;
8285
DEALLOCATE ALL;
8386
SELECT name, statement, parameter_types FROM pg_prepared_statements

0 commit comments

Comments
 (0)