plpython: Fix NULL pointer dereferences for broken sequence and mapping objects
PL/Python and its hstore and jsonb transforms build SQL values from Python containers by calling Python C API functions that can return NULL, and in several places the result was used without first checking it. On the sequence side, PySequence_GetItem() is used when converting a returned sequence into a SQL array or composite value, when reading the argument list passed to plpy.execute() or plpy.cursor(), and when reading the list of type names given to plpy.prepare(). On the mapping side, the hstore and jsonb transforms call PyMapping_Size() and PyMapping_Items() and then index the result with PyList_GetItem() and PyTuple_GetItem(). All of these return NULL (or -1), with a Python exception set, for a broken object: for example one whose __getitem__() or items() raises, or which reports a length that disagrees with what it actually yields. The unchecked result was then dereferenced, crashing the backend. Fix this by checking the result of each call and reporting a regular error if it failed, so that the underlying Python exception is surfaced instead of taking down the session. Author: Richard Guo <[email protected]> Reviewed-by: Ayush Tiwari <[email protected]> Discussion: https://postgr.es/m/CAMbWs49BKM9wP6m8bCXEpHwQKp7usvOGV6Jf=j7fyr_bcpx...@mail.gmail.com Backpatch-through: 14 Branch ------ REL_14_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/0b7719f744e694a2a1946f7ddf230bf4fdfad20c Modified Files -------------- .../hstore_plpython/expected/hstore_plpython.out | 65 ++++++++++++++++ contrib/hstore_plpython/hstore_plpython.c | 16 ++++ contrib/hstore_plpython/sql/hstore_plpython.sql | 65 ++++++++++++++++ contrib/jsonb_plpython/expected/jsonb_plpython.out | 89 ++++++++++++++++++++++ contrib/jsonb_plpython/jsonb_plpython.c | 21 ++++- contrib/jsonb_plpython/sql/jsonb_plpython.sql | 77 +++++++++++++++++++ src/pl/plpython/expected/plpython_composite.out | 16 ++++ src/pl/plpython/expected/plpython_spi.out | 51 +++++++++++++ src/pl/plpython/expected/plpython_types.out | 16 ++++ src/pl/plpython/expected/plpython_types_3.out | 16 ++++ src/pl/plpython/plpy_cursorobject.c | 5 ++ src/pl/plpython/plpy_spi.c | 10 +++ src/pl/plpython/plpy_typeio.c | 9 ++- src/pl/plpython/sql/plpython_composite.sql | 12 +++ src/pl/plpython/sql/plpython_spi.sql | 39 ++++++++++ src/pl/plpython/sql/plpython_types.sql | 13 ++++ 16 files changed, 516 insertions(+), 4 deletions(-)
