On Wed, Oct 5, 2011 at 00:30, Alex Hunsaker <bada...@gmail.com> wrote:
> On Tue, Oct 4, 2011 at 23:46, Amit Khandekar
> <amit.khande...@enterprisedb.com> wrote:
>> You mean the final changes in plperl_helpers.h would look like
>> something like this right? :
>>
>> static inline char *
>> utf_u2e(const char *utf8_str, size_t len)
>> {
>> char *ret = (char *) pg_do_encoding_conversion((unsigned
>> char *) utf8_str, len, PG_UTF8, GetDatabaseEncoding());
>>
>> if (ret == utf8_str)
>> + {
>> + if (GetDatabaseEncoding() == PG_UTF8 ||
>> + GetDatabaseEncoding() == PG_SQL_ASCII)
>> + {
>> + pg_verify_mbstr_len(PG_UTF8, utf8_str, len, false);
>> + }
>> +
>> ret = pstrdup(ret);
>> + }
>> return ret;
>> }
>
>> Yeah I am ok with that. It's just an additional check besides (ret ==
>> utf8_str) to know if we really require validation.
Find it attached. [ Note I didn't put the check inside the if (ret ==
utf8_str) as it seemed a bit cleaner (indentation wise) to have it
outside ]
*** a/src/pl/plperl/GNUmakefile
--- b/src/pl/plperl/GNUmakefile
***************
*** 57,63 **** PSQLDIR = $(bindir)
include $(top_srcdir)/src/Makefile.shlib
! plperl.o: perlchunks.h plperl_opmask.h
plperl_opmask.h: plperl_opmask.pl
@if [ x"$(perl_privlibexp)" = x"" ]; then echo "configure switch --with-perl was not specified."; exit 1; fi
--- 57,63 ----
include $(top_srcdir)/src/Makefile.shlib
! plperl.o: perlchunks.h plperl_opmask.h plperl_helpers.h
plperl_opmask.h: plperl_opmask.pl
@if [ x"$(perl_privlibexp)" = x"" ]; then echo "configure switch --with-perl was not specified."; exit 1; fi
*** a/src/pl/plperl/expected/plperl.out
--- b/src/pl/plperl/expected/plperl.out
***************
*** 639,641 **** CONTEXT: PL/Perl anonymous code block
--- 639,651 ----
DO $do$ use warnings FATAL => qw(void) ; my @y; my $x = sort @y; 1; $do$ LANGUAGE plperl;
ERROR: Useless use of sort in scalar context at line 1.
CONTEXT: PL/Perl anonymous code block
+ --
+ -- Make sure strings are validated -- This code may fail in a non-UTF8 database
+ -- if it allows null bytes in strings.
+ --
+ CREATE OR REPLACE FUNCTION perl_zerob() RETURNS TEXT AS $$
+ return "abcd\0efg";
+ $$ LANGUAGE plperlu;
+ SELECT perl_zerob();
+ ERROR: invalid byte sequence for encoding "UTF8": 0x00
+ CONTEXT: PL/Perl function "perl_zerob"
*** a/src/pl/plperl/plperl_helpers.h
--- b/src/pl/plperl/plperl_helpers.h
***************
*** 7,16 ****
static inline char *
utf_u2e(const char *utf8_str, size_t len)
{
! char *ret = (char *) pg_do_encoding_conversion((unsigned char *) utf8_str, len, PG_UTF8, GetDatabaseEncoding());
if (ret == utf8_str)
ret = pstrdup(ret);
return ret;
}
--- 7,27 ----
static inline char *
utf_u2e(const char *utf8_str, size_t len)
{
! int enc = GetDatabaseEncoding();
!
! char *ret = (char *) pg_do_encoding_conversion((unsigned char *) utf8_str, len, PG_UTF8, enc);
!
! /*
! * when we are a PG_UTF8 or SQL_ASCII database
! * pg_do_encoding_conversion() will not do any conversion or
! * verification. we need to do it manually instead.
! */
! if (enc == PG_UTF8 || enc == PG_SQL_ASCII)
! pg_verify_mbstr_len(PG_UTF8, utf8_str, len, false);
if (ret == utf8_str)
ret = pstrdup(ret);
+
return ret;
}
*** a/src/pl/plperl/sql/plperl.sql
--- b/src/pl/plperl/sql/plperl.sql
***************
*** 415,417 **** DO $do$ use strict; my $name = "foo"; my $ref = $$name; $do$ LANGUAGE plperl;
--- 415,426 ----
-- check that we can "use warnings" (in this case to turn a warn into an error)
-- yields "ERROR: Useless use of sort in scalar context."
DO $do$ use warnings FATAL => qw(void) ; my @y; my $x = sort @y; 1; $do$ LANGUAGE plperl;
+
+ --
+ -- Make sure strings are validated -- This code may fail in a non-UTF8 database
+ -- if it allows null bytes in strings.
+ --
+ CREATE OR REPLACE FUNCTION perl_zerob() RETURNS TEXT AS $$
+ return "abcd\0efg";
+ $$ LANGUAGE plperlu;
+ SELECT perl_zerob();
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
