PublicArchive/postgres
2
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-06-21 16:11:13 -04:00
Code Issues Packages Projects Releases Wiki Activity

jsonb_plperl, jsonb_plpython: Fix unguarded recursion and loops.

Browse Source 
Add check_stack_depth() to Jsonb_to_SV, SV_to_JsonbValue,
PLyObject_FromJsonbContainer, and PLyObject_ToJsonbValue.  Without
this, deeply nested JSONB values can crash the backend with SIGSEGV
instead of raising a proper error.

Also add CHECK_FOR_INTERRUPTS() to the while loop in SV_to_JsonbValue
that dereferences chains of Perl references, so that a circular
reference (e.g. $x = \$x) can be cancelled by the user instead of
spinning indefinitely.  (We looked at detecting such circular
references, but it seems more trouble than it's worth.)

Author: Aleksander Alekseev <aleksander@tigerdata.com>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/CAJ7c6TPbjkzUk4qJ5dHvDNEz0hBuFue3A-XWz_=897z+BC+z8A@mail.gmail.com
Backpatch-through: 14
This commit is contained in:
Tom Lane
2026-06-17 11:04:41 -04:00
parent d2cea63065
commit da82fbb8f9
2 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
contrib/jsonb_plperl/jsonb_plperl.c
+15
View File
@@ -3,6 +3,7 @@
#include <math.h> #include <math.h>
#include "fmgr.h" #include "fmgr.h"
#include "miscadmin.h"
#include "plperl.h" #include "plperl.h"
#include "utils/fmgrprotos.h" #include "utils/fmgrprotos.h"
#include "utils/jsonb.h" #include "utils/jsonb.h"
@@ -66,6 +67,9 @@ Jsonb_to_SV(JsonbContainer *jsonb)
JsonbIterator *it; JsonbIterator *it;
JsonbIteratorToken r; JsonbIteratorToken r;
/* this can recurse via JsonbValue_to_SV() */
check_stack_depth();
it = JsonbIteratorInit(jsonb); it = JsonbIteratorInit(jsonb);
r = JsonbIteratorNext(&it, &v, true); r = JsonbIteratorNext(&it, &v, true);
@@ -179,9 +183,20 @@ SV_to_JsonbValue(SV *in, JsonbInState *jsonb_state, bool is_elem)
dTHX; dTHX;
JsonbValue out; /* result */ JsonbValue out; /* result */
/* this can recurse via AV_to_JsonbValue() or HV_to_JsonbValue() */
check_stack_depth();
/* Dereference references recursively. */ /* Dereference references recursively. */
while (SvROK(in)) while (SvROK(in))
{
/*
* It's possible for circular references to make this an infinite
* loop. Checking for such a situation seems like much more trouble
* than it's worth, but let's provide a way to break out of the loop.
*/
CHECK_FOR_INTERRUPTS();
in = SvRV(in); in = SvRV(in);
}
switch (SvTYPE(in)) switch (SvTYPE(in))
{ {
contrib/jsonb_plpython/jsonb_plpython.c
+7
View File
@@ -1,5 +1,6 @@
#include "postgres.h" #include "postgres.h"
#include "miscadmin.h"
#include "plpy_elog.h" #include "plpy_elog.h"
#include "plpy_typeio.h" #include "plpy_typeio.h"
#include "plpy_util.h" #include "plpy_util.h"
@@ -143,6 +144,9 @@ PLyObject_FromJsonbContainer(JsonbContainer *jsonb)
JsonbIterator *it; JsonbIterator *it;
PyObject *result; PyObject *result;
/* this can recurse via PLyObject_FromJsonbValue() */
check_stack_depth();
it = JsonbIteratorInit(jsonb); it = JsonbIteratorInit(jsonb);
r = JsonbIteratorNext(&it, &v, true); r = JsonbIteratorNext(&it, &v, true);
@@ -410,6 +414,9 @@ PLyObject_ToJsonbValue(PyObject *obj, JsonbInState *jsonb_state, bool is_elem)
{ {
JsonbValue *out; JsonbValue *out;
/* this can recurse via PLyMapping_ToJsonbValue() */
check_stack_depth();
if (!PyUnicode_Check(obj)) if (!PyUnicode_Check(obj))
{ {
if (PySequence_Check(obj)) if (PySequence_Check(obj))