Kouhei Sutou
null+****@clear*****
Fri Jun 30 11:48:30 JST 2017
Kouhei Sutou 2017-06-30 11:48:30 +0900 (Fri, 30 Jun 2017) New Revision: ada68322b770d741a08b54acf0493e863cc8f5d3 https://github.com/pgroonga/pgroonga/commit/ada68322b770d741a08b54acf0493e863cc8f5d3 Message: pgroonga_escape: validate synonyms type Added files: expected/function/query-expand/not-text-array-synonyms.out sql/function/query-expand/not-text-array-synonyms.sql Modified files: src/pgrn-query-expand.c Added: expected/function/query-expand/not-text-array-synonyms.out (+7 -0) 100644 =================================================================== --- /dev/null +++ expected/function/query-expand/not-text-array-synonyms.out 2017-06-30 11:48:30 +0900 (4699062) @@ -0,0 +1,7 @@ +CREATE TABLE synonyms ( + term text PRIMARY KEY, + synonym text +); +SELECT pgroonga.query_expand('synonyms', 'term', 'synonym', 'Groonga'); +ERROR: pgroonga: query_expand: synonyms column isn't text[] type: <synonyms>.<synonym> +DROP TABLE synonyms; Added: sql/function/query-expand/not-text-array-synonyms.sql (+8 -0) 100644 =================================================================== --- /dev/null +++ sql/function/query-expand/not-text-array-synonyms.sql 2017-06-30 11:48:30 +0900 (745c904) @@ -0,0 +1,8 @@ +CREATE TABLE synonyms ( + term text PRIMARY KEY, + synonym text +); + +SELECT pgroonga.query_expand('synonyms', 'term', 'synonym', 'Groonga'); + +DROP TABLE synonyms; Modified: src/pgrn-query-expand.c (+29 -19) =================================================================== --- src/pgrn-query-expand.c 2017-06-30 11:39:50 +0900 (70d8c00) +++ src/pgrn-query-expand.c 2017-06-30 11:48:30 +0900 (1b57426) @@ -137,9 +137,10 @@ PGrnInitializeQueryExpand(void) } static Form_pg_attribute -PGrnFindTargetAttribute(Relation table, - const char *columnName, - size_t columnNameSize) +PGrnFindSynonymsAttribute(const char *tableName, + Relation table, + const char *columnName, + size_t columnNameSize) { TupleDesc desc; int i; @@ -149,13 +150,31 @@ PGrnFindTargetAttribute(Relation table, { Form_pg_attribute attribute = desc->attrs[i - 1]; - if (strlen(attribute->attname.data) == columnNameSize && - strncmp(attribute->attname.data, columnName, columnNameSize) == 0) + if (strlen(attribute->attname.data) != columnNameSize) + continue; + if (strncmp(attribute->attname.data, columnName, columnNameSize) != 0) + continue; + + if (attribute->atttypid != TEXTARRAYOID) { - return attribute; + ereport(ERROR, + (errcode(ERRCODE_INVALID_NAME), + errmsg("pgroonga: query_expand: " + "synonyms column isn't text[] type: <%s>.<%.*s>", + tableName, + (int)columnNameSize, columnName))); } + + return attribute; } + ereport(ERROR, + (errcode(ERRCODE_INVALID_NAME), + errmsg("pgroonga: query_expand: " + "synonyms column doesn't exist: <%s>.<%.*s>", + tableName, + (int)columnNameSize, columnName))); + return NULL; } @@ -227,19 +246,10 @@ pgroonga_query_expand(PG_FUNCTION_ARGS) currentData.table = RelationIdGetRelation(tableOID); currentData.synonymsAttribute = - PGrnFindTargetAttribute(currentData.table, - VARDATA_ANY(synonymsColumnName), - VARSIZE_ANY_EXHDR(synonymsColumnName)); - if (!currentData.synonymsAttribute) - { - ereport(ERROR, - (errcode(ERRCODE_INVALID_NAME), - errmsg("pgroonga: query_expand: " - "synonyms column doesn't exist: <%s>.<%.*s>", - DatumGetCString(tableNameDatum), - (int)VARSIZE_ANY_EXHDR(synonymsColumnName), - VARDATA_ANY(synonymsColumnName)))); - } + PGrnFindSynonymsAttribute(DatumGetCString(tableNameDatum), + currentData.table, + VARDATA_ANY(synonymsColumnName), + VARSIZE_ANY_EXHDR(synonymsColumnName)); currentData.index = PGrnFindTargetIndex(currentData.table, VARDATA_ANY(termColumnName), -------------- next part -------------- HTML����������������������������...Download