diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2022-08-13 15:21:28 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2022-08-13 15:21:28 -0400 |
| commit | 496ab1d6c8d853899595e986f04cd70c4b13dac4 (patch) | |
| tree | 5dc3edb96c98c6f8636dfbfce04762329eb65fc9 | |
| parent | 2db574a2184e5e6ae289e48079e8523c9cbdc8c4 (diff) | |
| download | postgresql-496ab1d6c8d853899595e986f04cd70c4b13dac4.tar.gz postgresql-496ab1d6c8d853899595e986f04cd70c4b13dac4.zip | |
Catch stack overflow when recursing in transformFromClauseItem().
Most parts of the parser can expect that the stack overflow check
in transformExprRecurse() will trigger before things get desperate.
However, transformFromClauseItem() can recurse directly to self
without having analyzed any expressions, so it's possible to drive
it to a stack-overrun crash. Add a check to prevent that.
Per bug #17583 from Egor Chindyaskin. Back-patch to all supported
branches.
Richard Guo
Discussion: https://postgr.es/m/17583-33be55b9f981f75c@postgresql.org
| -rw-r--r-- | src/backend/parser/parse_clause.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/backend/parser/parse_clause.c b/src/backend/parser/parse_clause.c index 2763af9470e..b5a984ad14b 100644 --- a/src/backend/parser/parse_clause.c +++ b/src/backend/parser/parse_clause.c @@ -1054,6 +1054,9 @@ transformFromClauseItem(ParseState *pstate, Node *n, ParseNamespaceItem **top_nsitem, List **namespace) { + /* Guard against stack overflow due to overly deep subtree */ + check_stack_depth(); + if (IsA(n, RangeVar)) { /* Plain relation reference, or perhaps a CTE reference */ |