Skip to content

Commit 34605ae

Browse files
schmiddydvarrazzo
schmiddy
authored and
dvarrazzo
committed
Fix bogus use of table name parameters.
Mimic the original code, which used execute_elevel() with params to pass in table names which are assumed to be quoted already by the user.
1 parent 00ddb1e commit 34605ae

File tree

1 file changed

+30
-7
lines changed

1 file changed

+30
-7
lines changed

bin/pg_repack.c

Lines changed: 30 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,7 @@ static Oid getoid(PGresult *res, int row, int col);
116116
static bool lock_exclusive(PGconn *conn, const char *relid, const char *lock_query, bool start_xact);
117117
static bool kill_ddl(PGconn *conn, Oid relid, bool terminate);
118118
static bool lock_access_share(PGconn *conn, Oid relid, const char *target_name);
119+
static size_t simple_string_list_size(SimpleStringList string_list);
119120

120121
#define SQLSTATE_INVALID_SCHEMA_NAME "3F000"
121122
#define SQLSTATE_QUERY_CANCELED "57014"
@@ -247,6 +248,22 @@ getoid(PGresult *res, int row, int col)
247248
return (Oid)strtoul(PQgetvalue(res, row, col), NULL, 10);
248249
}
249250

251+
/* Returns the number of elements in the given SimpleStringList */
252+
static size_t
253+
simple_string_list_size(SimpleStringList string_list)
254+
{
255+
size_t i = 0;
256+
SimpleStringListCell *cell = table_list.head;
257+
258+
while (cell)
259+
{
260+
cell = cell->next;
261+
i++;
262+
}
263+
264+
return i;
265+
}
266+
250267
/*
251268
* Call repack_one_table for the target table or each table in a database.
252269
*/
@@ -259,6 +276,11 @@ repack_one_database(const char *orderby)
259276
int num;
260277
StringInfoData sql;
261278
SimpleStringListCell *cell;
279+
const char **params = NULL;
280+
size_t num_params = simple_string_list_size(table_list);
281+
282+
if (num_params)
283+
params = pgut_malloc(num_params * sizeof(char *));
262284

263285
initStringInfo(&sql);
264286

@@ -275,18 +297,19 @@ repack_one_database(const char *orderby)
275297

276298
/* acquire target tables */
277299
appendStringInfoString(&sql, "SELECT * FROM repack.tables WHERE ");
278-
if (table_list.head)
300+
if (num_params)
279301
{
280-
appendStringInfoString(&sql, "( ");
281-
for (cell = table_list.head; cell; cell = cell->next)
302+
appendStringInfoString(&sql, "(");
303+
for (i = 0, cell = table_list.head; cell; cell = cell->next, i++)
282304
{
283-
/* FIXME: bogus table quoting */
284-
appendStringInfo(&sql, "relid = '%s'::regclass", cell->val);
305+
/* Construct table name placeholders to be used by PQexecParams */
306+
appendStringInfo(&sql, "relid = $%d::regclass", i + 1);
307+
params[i] = cell->val;
285308
if (cell->next)
286309
appendStringInfoString(&sql, " OR ");
287310
}
288-
appendStringInfoString(&sql, " )");
289-
res = execute_elevel(sql.data, 0, NULL, DEBUG2);
311+
appendStringInfoString(&sql, ")");
312+
res = execute_elevel(sql.data, (int) num_params, params, DEBUG2);
290313
}
291314
else
292315
{

0 commit comments

Comments
 (0)