The following issues were found
tsl/test/sql/dist_policy.sql
4 issues
Line: 6
Column: 1
-- LICENSE-TIMESCALE for a copy of the license.
-- Need to be super user to create extension and add data nodes; everything
-- that follows in this script (until it reconnects) therefore runs with
-- cluster-superuser rights.
\c :TEST_DBNAME :ROLE_CLUSTER_SUPERUSER;
-- Pull in the remote_exec test helper quietly: stop echoing commands and
-- discard its output so the helper's definitions do not land in the
-- expected-output file.
\unset ECHO
\o /dev/null
\ir include/remote_exec.sql
-- Bare \o sends query output back to stdout.
\o
Reported by SQLint.
Line: 8
Column: 1
-- Need to be super user to create extension and add data nodes; everything
-- that follows in this script (until it reconnects) therefore runs with
-- cluster-superuser rights.
\c :TEST_DBNAME :ROLE_CLUSTER_SUPERUSER;
-- Pull in the remote_exec test helper quietly: stop echoing commands and
-- discard its output so the helper's definitions do not land in the
-- expected-output file.
\unset ECHO
\o /dev/null
\ir include/remote_exec.sql
-- Bare \o sends query output back to stdout.
\o
-- Echo every command again so the rest of the test is visible in the output.
\set ECHO all
Reported by SQLint.
Line: 22
Column: 1
database => 'dist_policy_data_node_2');
-- Register the third data node; like the others it is a database on
-- localhost named after the node.
SELECT * FROM add_data_node('dist_policy_data_node_3', host => 'localhost',
    database => 'dist_policy_data_node_3');
-- Back to normal (non-expanded) output formatting.
\x off
-- Let every role use the data-node foreign servers (presumably so the
-- non-superuser test roles can reach them). GRANT ... TO PUBLIC is a
-- test-database convenience only: in a real deployment, grant USAGE to the
-- specific roles that need the servers.
GRANT USAGE ON FOREIGN SERVER dist_policy_data_node_1, dist_policy_data_node_2, dist_policy_data_node_3 TO PUBLIC;
-- Create a fake clock that we can use below and make sure that it is
-- defined on the data nodes as well.
CREATE TABLE time_table (time BIGINT);
Reported by SQLint.
Line: 62
Column: 72
generate_series(1,3) AS device
ORDER BY time, device;
-- Add a retention policy on 'conditions' and keep the returned job id in the
-- psql variable :retention_job_id (\gset) for use further down.
SELECT add_retention_policy('conditions', 5, true) as retention_job_id \gset
-- Now simulate drop_chunks running automatically by calling it
-- explicitly. Show chunks before and after.
-- Chunks as seen from the access node ...
SELECT show_chunks('conditions');
-- ... and on the data nodes, via the remote_exec helper (NULL presumably
-- targets all data nodes -- see include/remote_exec.sql).
SELECT * FROM test.remote_exec(NULL, $$ SELECT show_chunks('conditions'); $$);
Reported by SQLint.
tsl/src/compression/utils.h
4 issues
Line: 17
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data. Here it does: the StaticAssertStmt on the next line guarantees sizeof(float) == sizeof(uint32), so the fixed-size memcpy cannot overrun either operand. memcpy is also the strict-aliasing-safe way to reinterpret a float's bits, so this report is a false positive.
uint32 out;
StaticAssertStmt(sizeof(float) == sizeof(uint32), "float is not IEEE double wide float");
/* yes, this is the correct way to extract the bits of a floating point number in C */
memcpy(&out, &in, sizeof(uint32));
return out;
}
static inline float
bits_get_float(uint32 bits)
Reported by FlawFinder.
Line: 27
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data. Here it does: the StaticAssertStmt on the next line guarantees sizeof(float) == sizeof(uint32), so the fixed-size memcpy cannot overrun either operand. memcpy is also the strict-aliasing-safe way to turn raw bits back into a float, so this report is a false positive.
float out;
StaticAssertStmt(sizeof(float) == sizeof(uint32), "float is not IEEE double wide float");
/* yes, this is the correct way to extract the bits of a floating point number in C */
memcpy(&out, &bits, sizeof(uint32));
return out;
}
static inline uint64
double_get_bits(double in)
Reported by FlawFinder.
Line: 37
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data. Here it does: the StaticAssertStmt on the next line guarantees sizeof(uint64) == sizeof(double), so the fixed-size memcpy cannot overrun either operand. memcpy is also the strict-aliasing-safe way to reinterpret a double's bits, so this report is a false positive.
uint64 out;
StaticAssertStmt(sizeof(uint64) == sizeof(double), "double is not IEEE double wide float");
/* yes, this is the correct way to extract the bits of a floating point number in C */
memcpy(&out, &in, sizeof(uint64));
return out;
}
static inline double
bits_get_double(uint64 bits)
Reported by FlawFinder.
Line: 47
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data. Here it does: the StaticAssertStmt on the next line guarantees sizeof(uint64) == sizeof(double), so the fixed-size memcpy cannot overrun either operand. memcpy is also the strict-aliasing-safe way to turn raw bits back into a double, so this report is a false positive.
double out;
StaticAssertStmt(sizeof(uint64) == sizeof(double), "double is not IEEE double wide float");
/* yes, this is the correct way to extract the bits of a floating point number in C */
memcpy(&out, &bits, sizeof(double));
return out;
}
#endif
Reported by FlawFinder.
src/version.h
4 issues
Line: 15
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The finding is on the fixed-size char arrays of VersionOSInfo; the struct only reserves VERSION_INFO_LEN bytes per field and carries no length, so the bounding and NUL termination must happen in the code that fills it (ts_version_get_os_info is declared later in this header, but its body is not shown on this page).
/*
 * Operating-system identification strings, filled in by
 * ts_version_get_os_info() (declared in this header; its body is not shown
 * here). Each field is a fixed-size buffer of VERSION_INFO_LEN bytes with no
 * separate length, so whatever fills it must bound every copy to
 * VERSION_INFO_LEN and guarantee NUL termination (snprintf/strlcpy-style,
 * never strcpy) -- nothing in this declaration enforces that.
 */
typedef struct VersionOSInfo
{
	char sysname[VERSION_INFO_LEN];        /* OS/kernel name, e.g. uname sysname -- TODO confirm in the filler */
	char version[VERSION_INFO_LEN];        /* OS version string */
	char release[VERSION_INFO_LEN];        /* OS release string */
	char pretty_version[VERSION_INFO_LEN]; /* human-readable version; presumably valid only when has_pretty_version -- confirm */
	bool has_pretty_version;               /* presumably set when pretty_version was populated -- confirm */
} VersionOSInfo;
Reported by FlawFinder.
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Operating-system identification strings, filled in by
 * ts_version_get_os_info() (declared in this header; its body is not shown
 * here). Each field is a fixed-size buffer of VERSION_INFO_LEN bytes with no
 * separate length, so whatever fills it must bound every copy to
 * VERSION_INFO_LEN and guarantee NUL termination (snprintf/strlcpy-style,
 * never strcpy) -- nothing in this declaration enforces that.
 */
typedef struct VersionOSInfo
{
	char sysname[VERSION_INFO_LEN];        /* OS/kernel name, e.g. uname sysname -- TODO confirm in the filler */
	char version[VERSION_INFO_LEN];        /* OS version string */
	char release[VERSION_INFO_LEN];        /* OS release string */
	char pretty_version[VERSION_INFO_LEN]; /* human-readable version; presumably valid only when has_pretty_version -- confirm */
	bool has_pretty_version;               /* presumably set when pretty_version was populated -- confirm */
} VersionOSInfo;
Reported by FlawFinder.
Line: 17
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
char sysname[VERSION_INFO_LEN];
char version[VERSION_INFO_LEN];
char release[VERSION_INFO_LEN];
char pretty_version[VERSION_INFO_LEN];
bool has_pretty_version;
} VersionOSInfo;
extern bool ts_version_get_os_info(VersionOSInfo *info);
Reported by FlawFinder.
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char sysname[VERSION_INFO_LEN];
char version[VERSION_INFO_LEN];
char release[VERSION_INFO_LEN];
char pretty_version[VERSION_INFO_LEN];
bool has_pretty_version;
} VersionOSInfo;
extern bool ts_version_get_os_info(VersionOSInfo *info);
Reported by FlawFinder.
test/sql/query.sql
4 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
\set TEST_BASE_NAME query
-- Build the include paths and the two result-file paths from the base name
-- and the harness-provided TEST_OUTPUT_DIR, then \gset each column into a
-- psql variable of the same name. :'VAR' interpolates as a quoted SQL
-- literal, so the values are safe inside format(); the resulting paths are
-- later fed to \ir and \o, so these variables must only ever come from the
-- trusted test runner.
SELECT format('include/%s_load.sql', :'TEST_BASE_NAME') as "TEST_LOAD_NAME",
    format('include/%s_query.sql', :'TEST_BASE_NAME') as "TEST_QUERY_NAME",
    format('%s/results/%s_results_optimized.out', :'TEST_OUTPUT_DIR', :'TEST_BASE_NAME') as "TEST_RESULTS_OPTIMIZED",
    format('%s/results/%s_results_unoptimized.out', :'TEST_OUTPUT_DIR', :'TEST_BASE_NAME') as "TEST_RESULTS_UNOPTIMIZED"
\gset
Reported by SQLint.
Line: 22
Column: 1
-- Echo only errors and suppress non-error server messages so the result
-- files contain nothing but query output.
\set ECHO errors
SET client_min_messages TO error;
-- Make output contain query results: an empty PREFIX runs each query instead
-- of EXPLAINing it (presumably; the include prepends :PREFIX to its queries).
\set PREFIX ''
-- Pass 1: optimizations on, results redirected to the optimized file
-- (\o creates or overwrites that path) ...
\o :TEST_RESULTS_OPTIMIZED
SET timescaledb.enable_optimizations TO true;
\ir :TEST_QUERY_NAME
\o
-- ... and pass 2: the same queries with optimizations off, into the
-- unoptimized file.
\o :TEST_RESULTS_UNOPTIMIZED
Reported by SQLint.
Line: 25
Column: 1
-- Empty PREFIX: run the queries for real rather than EXPLAIN them
-- (presumably; the include prepends :PREFIX to its queries) so the files
-- below hold result rows.
\set PREFIX ''
-- Pass 1: optimizations enabled, results redirected to the optimized file
-- (\o creates or overwrites it).
\o :TEST_RESULTS_OPTIMIZED
SET timescaledb.enable_optimizations TO true;
\ir :TEST_QUERY_NAME
\o
-- Pass 2: the same query file with optimizations disabled, into the other file.
\o :TEST_RESULTS_UNOPTIMIZED
SET timescaledb.enable_optimizations TO false;
\ir :TEST_QUERY_NAME
-- Back to stdout.
\o
Reported by SQLint.
Line: 29
Column: 1
\o
-- Second pass: the same query file with optimizations disabled, written to
-- the unoptimized result file (\o creates or overwrites it).
\o :TEST_RESULTS_UNOPTIMIZED
SET timescaledb.enable_optimizations TO false;
\ir :TEST_QUERY_NAME
-- Back to stdout before comparing.
\o
-- DIFF_CMD is expanded verbatim by psql; it is set by the test harness
-- (presumably a \! diff of the two result files) and defined outside this
-- file, so it must only ever come from the trusted runner.
:DIFF_CMD
SELECT 'Done'
Reported by SQLint.
test/sql/plan_hashagg.sql
4 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
-- Prefix every query in the include with EXPLAIN so this first pass records
-- plans rather than rows (presumably the include prepends :PREFIX to each
-- query).
\set PREFIX 'EXPLAIN (costs off) '
\ir include/plan_hashagg_load.sql
\ir include/plan_hashagg_query.sql
-- Stop echoing commands for the results-comparison part that follows.
\set ECHO none
\set TEST_BASE_NAME plan_hashagg
Reported by SQLint.
Line: 21
Column: 1
-- Suppress non-error server messages so the result files hold only query output.
SET client_min_messages TO error;
-- Generate the results into two different files: an empty PREFIX runs each
-- query instead of EXPLAINing it (presumably; the include prepends :PREFIX
-- to its queries).
\set PREFIX ''
-- Pass 1: optimizations on, results to the optimized file (\o creates or
-- overwrites the path).
\o :TEST_RESULTS_OPTIMIZED
SET timescaledb.enable_optimizations TO true;
\ir :TEST_QUERY_NAME
\o
-- Pass 2: optimizations off, into the unoptimized file.
\o :TEST_RESULTS_UNOPTIMIZED
Reported by SQLint.
Line: 24
Column: 1
-- Empty PREFIX: run the queries for real rather than EXPLAIN them
-- (presumably; the include prepends :PREFIX to its queries) so the files
-- below hold result rows.
\set PREFIX ''
-- Pass 1: optimizations enabled, results redirected to the optimized file
-- (\o creates or overwrites it).
\o :TEST_RESULTS_OPTIMIZED
SET timescaledb.enable_optimizations TO true;
\ir :TEST_QUERY_NAME
\o
-- Pass 2: the same query file with optimizations disabled, into the other file.
\o :TEST_RESULTS_UNOPTIMIZED
SET timescaledb.enable_optimizations TO false;
\ir :TEST_QUERY_NAME
-- Back to stdout.
\o
Reported by SQLint.
Line: 28
Column: 1
\o
-- Second pass: the same query file with optimizations disabled, written to
-- the unoptimized result file (\o creates or overwrites it).
\o :TEST_RESULTS_UNOPTIMIZED
SET timescaledb.enable_optimizations TO false;
\ir :TEST_QUERY_NAME
-- Back to stdout before comparing.
\o
-- DIFF_CMD is expanded verbatim by psql; it is set by the test harness
-- (presumably a \! diff of the two result files) and defined outside this
-- file, so it must only ever come from the trusted runner.
:DIFF_CMD
Reported by SQLint.
test/sql/pg_join.sql
4 issues
Line: 14
Column: 1
-- the actual plans produced but in the correctness of the results
-- we need superuser because some of the tests modify statistics
-- Reconnect as superuser (needed because some tests modify statistics, per
-- the note above); the rest of the script runs with those rights.
\c :TEST_DBNAME :ROLE_SUPERUSER
-- Base name used to derive the include and result-file paths below.
\set TEST_BASE_NAME join
SELECT format('include/%s_load.sql', :'TEST_BASE_NAME') as "TEST_LOAD_NAME",
format('include/%s_query.sql', :'TEST_BASE_NAME') as "TEST_QUERY_NAME",
format('%s/results/%s_results_optimized.out', :'TEST_OUTPUT_DIR', :'TEST_BASE_NAME') as "TEST_RESULTS_OPTIMIZED",
Reported by SQLint.
Line: 26
Column: 1
\gset
-- Hide notices while loading the fixture data.
set client_min_messages to warning;
\ir :TEST_LOAD_NAME
-- Empty PREFIX: run the queries for real rather than EXPLAIN them
-- (presumably; the include prepends :PREFIX to its queries) so the result
-- files hold rows.
\set PREFIX ''
-- Echo only errors so the result files contain nothing but query output.
\set ECHO errors
-- get results with optimizations disabled
-- (\o creates or overwrites the result file named by the variable)
\o :TEST_RESULTS_UNOPTIMIZED
Reported by SQLint.
Line: 33
Column: 1
-- get results with optimizations disabled
-- (\o creates or overwrites the result file named by the variable)
\o :TEST_RESULTS_UNOPTIMIZED
SET timescaledb.enable_optimizations TO false;
\ir :TEST_QUERY_NAME
-- Back to stdout between the two passes.
\o
-- get query results with all optimizations
\o :TEST_RESULTS_OPTIMIZED
SET timescaledb.enable_optimizations TO true;
Reported by SQLint.
Line: 39
Column: 1
-- get query results with all optimizations
\o :TEST_RESULTS_OPTIMIZED
SET timescaledb.enable_optimizations TO true;
\ir :TEST_QUERY_NAME
-- Back to stdout before comparing the two files.
\o
-- DIFF_CMD is expanded verbatim by psql; it is set by the test harness
-- (presumably a \! diff of the two result files) and defined outside this
-- file, so it must only ever come from the trusted runner.
:DIFF_CMD
Reported by SQLint.
tsl/src/compression/create.c
4 issues
Line: 67
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification. Here `prefix` is a macro parameter, so the format is only as constant as what each caller passes (callers are not shown on this page). Separately, the truncation check that follows uses `ret > NAMEDATALEN`: snprintf returns the untruncated length, so a result of exactly NAMEDATALEN means the name was silently cut to NAMEDATALEN-1 characters and should also be rejected -- the correct test is `ret >= NAMEDATALEN`.
#define PRINT_COMPRESSION_TABLE_NAME(buf, prefix, hypertable_id) \
do \
{ \
int ret = snprintf(buf, NAMEDATALEN, prefix, hypertable_id); \
if (ret < 0 || ret > NAMEDATALEN) \
{ \
ereport(ERROR, \
(errcode(ERRCODE_INTERNAL_ERROR), \
errmsg("bad compression hypertable internal name"))); \
Reported by FlawFinder.
Line: 116
Column: 8
CWE codes:
134
Suggestion:
Use a constant for the format specification. The format here already is one: COMPRESSION_COLUMN_METADATA_PREFIX "%s_%d" is adjacent-literal concatenation resolved at compile time, so the CWE-134 report is a false positive. The weak spot is the check on the following lines: snprintf returns the untruncated length, so `ret > NAMEDATALEN` lets a result of exactly NAMEDATALEN through even though the name was truncated to NAMEDATALEN-1 characters; `ret >= NAMEDATALEN` is the correct test.
int ret;
Assert(fd->orderby_column_index > 0);
ret = snprintf(buf,
NAMEDATALEN,
COMPRESSION_COLUMN_METADATA_PREFIX "%s_%d",
type,
fd->orderby_column_index);
if (ret < 0 || ret > NAMEDATALEN)
Reported by FlawFinder.
Line: 532
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
create_compression_table(Oid owner, CompressColInfo *compress_cols)
{
ObjectAddress tbladdress;
char relnamebuf[NAMEDATALEN];
CatalogSecurityContext sec_ctx;
Datum toast_options;
static char *validnsps[] = HEAP_RELOPT_NAMESPACES;
Oid compress_relid;
Reported by FlawFinder.
Line: 279
Column: 6
CWE codes:
126
continue;
if (strncmp(NameStr(attr->attname),
COMPRESSION_COLUMN_METADATA_PREFIX,
strlen(COMPRESSION_COLUMN_METADATA_PREFIX)) == 0)
elog(ERROR,
"cannot compress tables with reserved column prefix '%s'",
COMPRESSION_COLUMN_METADATA_PREFIX);
namestrcpy(&cc->col_meta[colno].attname, NameStr(attr->attname));
Reported by FlawFinder.
tsl/src/remote/row_by_row_fetcher.c
4 issues
Line: 80
Column: 21
CWE codes:
362
MemoryContext oldcontext;
RowByRowFetcher *fetcher = cast_fetcher(RowByRowFetcher, df);
if (fetcher->state.open)
{
/* data request has already been sent */
Assert(fetcher->state.data_req != NULL);
return;
}
Reported by FlawFinder.
Line: 139
Column: 24
CWE codes:
362
MemoryContext oldcontext;
AsyncRequestSet *fetch_req_wrapper = async_request_set_create();
Assert(fetcher->state.open);
Assert(fetcher->state.data_req != NULL);
data_fetcher_validate(&fetcher->state);
async_request_set_add(fetch_req_wrapper, fetcher->state.data_req);
Reported by FlawFinder.
Line: 249
Column: 22
CWE codes:
362
if (fetcher->state.eof)
return 0;
if (!fetcher->state.open)
row_by_row_fetcher_send_fetch_request(df);
return row_by_row_fetcher_complete(fetcher);
}
Reported by FlawFinder.
Line: 300
Column: 24
CWE codes:
362
{
RowByRowFetcher *fetcher = cast_fetcher(RowByRowFetcher, df);
Assert(fetcher->state.open);
if (fetcher->state.data_req != NULL)
{
async_request_discard_response(fetcher->state.data_req);
pfree(fetcher->state.data_req);
Reported by FlawFinder.
test/sql/util.sql
4 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
-- Only echo errors, and use psql's default error verbosity for them.
\set ECHO errors
\set VERBOSITY default
DO $$
BEGIN
ASSERT( _timescaledb_internal.get_partition_for_key(''::text) = 669664877 );
Reported by SQLint.
Line: 11
Column: 3
-- Pin the partition hash for a few representative keys (empty, short, and
-- long). Any change to get_partition_for_key's hash function or seed trips
-- these asserts -- which matters because already-stored data was presumably
-- placed using these values.
DO $$
BEGIN
    ASSERT( _timescaledb_internal.get_partition_for_key(''::text) = 669664877 );
    ASSERT( _timescaledb_internal.get_partition_for_key('dev1'::text) = 1129986420 );
    ASSERT( _timescaledb_internal.get_partition_for_key('longlonglonglongpartitionkey'::text) = 1169179734);
END$$;
Reported by SQLint.
Line: 12
Column: 3
BEGIN
ASSERT( _timescaledb_internal.get_partition_for_key(''::text) = 669664877 );
ASSERT( _timescaledb_internal.get_partition_for_key('dev1'::text) = 1129986420 );
ASSERT( _timescaledb_internal.get_partition_for_key('longlonglonglongpartitionkey'::text) = 1169179734);
END$$;
Reported by SQLint.
Line: 13
Column: 1
ASSERT( _timescaledb_internal.get_partition_for_key(''::text) = 669664877 );
ASSERT( _timescaledb_internal.get_partition_for_key('dev1'::text) = 1129986420 );
ASSERT( _timescaledb_internal.get_partition_for_key('longlonglonglongpartitionkey'::text) = 1169179734);
END$$;
Reported by SQLint.
test/src/net/conn_mock.c
4 issues
Line: 72
Column: 2
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values -- only where the values are security-relevant. Here rand() is used (see the Line 63 snippet below) to vary how many bytes the mock read hands back, in test code, so libc rand() is adequate. The practical concern is that seeding from time(0) makes a failing run non-reproducible; a fixed or logged seed would be preferable.
/*
 * Seed the C library PRNG for this mock connection.
 *
 * The mock uses rand() only to vary how many bytes a simulated read hands
 * back, so libc rand() is adequate: this is test scaffolding, not a source
 * of security-relevant randomness.  Seeding from the wall clock does mean
 * the partial-read pattern differs between runs, so a failure may not
 * reproduce; a fixed seed would make it deterministic.
 *
 * conn is unused; the parameter exists only to match the init signature
 * (presumably the one mock_ops expects).
 *
 * Returns 0 always.
 */
static int
mock_init(Connection *conn)
{
	(void) conn;
	srand((unsigned int) time(NULL));
	return 0;
}
static ConnOps mock_ops = {
.size = sizeof(MockConnection),
Reported by FlawFinder.
Line: 22
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * In-memory stand-in for a Connection, used by the tests to script what a
 * read will return.
 *
 * Data is staged in recv_buf by the mock's fill routine, which rejects a
 * payload longer than MOCK_MAX_BUF_SIZE before copying; reads then drain the
 * buffer from recv_buf_offset up to recv_buf_len, handing back a
 * rand()-chosen number of bytes to exercise partial-read handling.
 */
typedef struct MockConnection
{
	Connection conn;                  /* embedded base object; kept first, presumably so the mock can be cast to/from Connection -- confirm */
	char recv_buf[MOCK_MAX_BUF_SIZE]; /* staged receive data; fixed size, guarded by the buf_len > MOCK_MAX_BUF_SIZE check in the fill path */
	int recv_buf_offset;              /* next byte of recv_buf to hand out */
	int recv_buf_len;                 /* number of valid bytes staged in recv_buf */
} MockConnection;
static int
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
bytes_to_read = rand() % (max + 1);
}
memcpy(buf, mock->recv_buf + mock->recv_buf_offset, bytes_to_read);
mock->recv_buf_offset += bytes_to_read;
return bytes_to_read;
}
Reported by FlawFinder.
Line: 93
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buf_len > MOCK_MAX_BUF_SIZE)
return -1;
memcpy(mock->recv_buf, buf, buf_len);
mock->recv_buf_len = buf_len;
return mock->recv_buf_len;
}
extern void _conn_mock_init(void);
Reported by FlawFinder.