The following issues were found
src/partitioning.h
3 issues
Line: 28
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct PartitioningFunc
{
char schema[NAMEDATALEN];
char name[NAMEDATALEN];
Oid rettype;
/*
* Function manager info to call the partitioning function on the
Reported by FlawFinder.
Line: 29
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct PartitioningFunc
{
char schema[NAMEDATALEN];
char name[NAMEDATALEN];
Oid rettype;
/*
* Function manager info to call the partitioning function on the
* partitioning column's text representation.
Reported by FlawFinder.
Line: 41
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Partitioning configuration for one column.
 *
 * `column` is a fixed NAMEDATALEN-byte buffer; that fixed size is what the
 * CWE-119/120 report above refers to.  The buffer is only safe if every
 * writer bounds its copy to NAMEDATALEN and leaves the name NUL-terminated.
 * NOTE(review): the writers are not visible here -- confirm at each one.
 */
typedef struct PartitioningInfo
{
char column[NAMEDATALEN];	/* name of the partitioning column, fixed-size buffer */
AttrNumber column_attnum;	/* attribute number of that column */
DimensionType dimtype;
PartitioningFunc partfunc;	/* see PartitioningFunc in this header */
} PartitioningInfo;
Reported by FlawFinder.
src/plan_agg_bookend.c
3 issues
Line: 575
Column: 2
CWE codes:
120
Suggestion:
Make sure the destination can always hold the source data
* of level 1, which is why the subquery can become an initplan.)
*/
subroot = (PlannerInfo *) palloc(sizeof(PlannerInfo));
memcpy(subroot, root, sizeof(PlannerInfo));
subroot->query_level++;
subroot->parent_root = root;
/* reset subplan-related stuff */
subroot->plan_params = NIL;
subroot->outer_params = NULL;
Reported by FlawFinder.
Line: 111
Column: 49
CWE codes:
126
Suggestion:
This function is often discouraged by C++ coding standards in favor of the safer overloads available since C++14. Consider using the overload that also takes an end iterator for the second range, so that iterator cannot be advanced past it
{
MinMaxAggInfo *mminfo = (MinMaxAggInfo *) lfirst(cell);
if (mminfo->aggfnoid == aggref->aggfnoid && equal(mminfo->target, curTarget->expr))
return (Node *) copyObject(mminfo->param);
}
}
}
return expression_tree_mutator(node, mutate_aggref_node, (void *) context);
Reported by FlawFinder.
Line: 504
Column: 48
CWE codes:
126
Suggestion:
This function is often discouraged by C++ coding standards in favor of the safer overloads available since C++14. Consider using the overload that also takes an end iterator for the second range, so that iterator cannot be advanced past it
foreach (l, *context)
{
mminfo = (MinMaxAggInfo *) lfirst(l);
if (mminfo->aggfnoid == aggref->aggfnoid && equal(mminfo->target, value->expr))
return false;
}
mminfo = makeNode(MinMaxAggInfo);
mminfo->aggfnoid = aggref->aggfnoid;
Reported by FlawFinder.
src/utils.c
3 issues
Line: 533
Column: 2
CWE codes:
120
Suggestion:
Make sure the destination can always hold the source data
* Also compare the aligned sizes in the assert.
*/
Assert(copy_size == MAXALIGN(tuple->t_len - tuple->t_data->t_hoff));
memcpy(struct_ptr, GETSTRUCT(tuple), copy_size);
return struct_ptr;
}
void *
Reported by FlawFinder.
Line: 801
Column: 6
CWE codes:
126
Assert(IS_INTEGER_TYPE(rettype));
if (strlen(NameStr(open_dim->fd.integer_now_func)) == 0 &&
strlen(NameStr(open_dim->fd.integer_now_func_schema)) == 0)
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_FUNCTION), (errmsg("integer_now function not set"))));
List *name = list_make2(makeString((char *) NameStr(open_dim->fd.integer_now_func_schema)),
Reported by FlawFinder.
Line: 802
Column: 3
CWE codes:
126
Assert(IS_INTEGER_TYPE(rettype));
if (strlen(NameStr(open_dim->fd.integer_now_func)) == 0 &&
strlen(NameStr(open_dim->fd.integer_now_func_schema)) == 0)
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_FUNCTION), (errmsg("integer_now function not set"))));
List *name = list_make2(makeString((char *) NameStr(open_dim->fd.integer_now_func_schema)),
makeString((char *) NameStr(open_dim->fd.integer_now_func)));
Reported by FlawFinder.
src/version.c
3 issues
Line: 206
Column: 2
CWE codes:
120
uname(&os_info);
memset(info, 0, sizeof(VersionOSInfo));
strncpy(info->sysname, os_info.sysname, VERSION_INFO_LEN - 1);
strncpy(info->version, os_info.version, VERSION_INFO_LEN - 1);
strncpy(info->release, os_info.release, VERSION_INFO_LEN - 1);
info->has_pretty_version = get_pretty_version(info->pretty_version);
return true;
Reported by FlawFinder.
Line: 207
Column: 2
CWE codes:
120
memset(info, 0, sizeof(VersionOSInfo));
strncpy(info->sysname, os_info.sysname, VERSION_INFO_LEN - 1);
strncpy(info->version, os_info.version, VERSION_INFO_LEN - 1);
strncpy(info->release, os_info.release, VERSION_INFO_LEN - 1);
info->has_pretty_version = get_pretty_version(info->pretty_version);
return true;
}
Reported by FlawFinder.
Line: 208
Column: 2
CWE codes:
120
memset(info, 0, sizeof(VersionOSInfo));
strncpy(info->sysname, os_info.sysname, VERSION_INFO_LEN - 1);
strncpy(info->version, os_info.version, VERSION_INFO_LEN - 1);
strncpy(info->release, os_info.release, VERSION_INFO_LEN - 1);
info->has_pretty_version = get_pretty_version(info->pretty_version);
return true;
}
#else
Reported by FlawFinder.
test/sql/guc_options.sql
3 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
-- psql meta-command (not SQL): reconnect to the test database as the superuser role.
\c :TEST_DBNAME :ROLE_SUPERUSER
-- Valid values first; SHOW echoes what was stored.
SET timescaledb.debug_optimizer_flags = '';
SHOW timescaledb.debug_optimizer_flags;
SET timescaledb.debug_optimizer_flags = 'show_upper=final';
SHOW timescaledb.debug_optimizer_flags;
-- Abbreviated stage name; whether it is accepted is fixed by the expected output, not shown here.
SET timescaledb.debug_optimizer_flags = 'show_upper=fin';
Reported by SQLint.
Line: 28
Column: 1
SHOW timescaledb.debug_optimizer_flags;
-- These should all fail
-- psql meta-command (not SQL): keep running after each expected error so every invalid value is exercised.
\set ON_ERROR_STOP 0
SET timescaledb.debug_optimizer_flags = NULL;
SET timescaledb.debug_optimizer_flags = 'invalid';
-- Malformed quoting and embedded whitespace are among the values expected to be rejected rather than stored.
SET timescaledb.debug_optimizer_flags = '"unmatched quote:';
SET timescaledb.debug_optimizer_flags = 'space between';
SET timescaledb.debug_optimizer_flags = 'space between:';
Reported by SQLint.
Line: 47
Column: 1
SET timescaledb.debug_optimizer_flags = 'show_upper=xxx,*,yyy';
-- Overlong stage names, once unsplit and once split across a comma.
SET timescaledb.debug_optimizer_flags = 'show_upper=supercalifragilisticexpialidochious';
SET timescaledb.debug_optimizer_flags = 'show_upper=super,califragilisticexpialidochious';
-- psql meta-command (not SQL): errors are fatal again from here on.
\set ON_ERROR_STOP 1
Reported by SQLint.
test/sql/include/insert_two_partitions.sql
3 issues
Line: 22
Column: 1
-- Two space partitions on device_id; the name is double-quoted so the mixed-case table name is preserved.
SELECT * FROM create_hypertable('"public"."two_Partitions"'::regclass, 'timeCustom'::name, 'device_id'::name, associated_schema_name=>'_timescaledb_internal'::text, number_partitions => 2, chunk_time_interval=>_timescaledb_internal.interval_to_usec('1 month'));
-- psql meta-command (not SQL): re-enable psql's informational output for the statements below.
\set QUIET off
BEGIN;
-- Client-side COPY: psql reads the file relative to its own working directory; empty fields become NULL.
\COPY public."two_Partitions" FROM 'data/ds1_dev1_1.tsv' NULL AS '';
COMMIT;
INSERT INTO public."two_Partitions"("timeCustom", device_id, series_0, series_1) VALUES
Reported by SQLint.
Line: 24
Column: 1
-- psql meta-command (not SQL): re-enable psql's informational output for the statements below.
\set QUIET off
BEGIN;
-- Client-side COPY: psql reads the file relative to its own working directory; empty fields become NULL.
\COPY public."two_Partitions" FROM 'data/ds1_dev1_1.tsv' NULL AS '';
COMMIT;
INSERT INTO public."two_Partitions"("timeCustom", device_id, series_0, series_1) VALUES
(1257987600000000000, 'dev1', 1.5, 1),
Reported by SQLint.
Line: 36
Column: 1
INSERT INTO "two_Partitions"("timeCustom", device_id, series_0, series_1) VALUES
(1257894000000000000, 'dev2', 1.5, 2);
-- psql meta-command (not SQL): back to quiet mode so the including test sees only query output.
\set QUIET on
Reported by SQLint.
test/sql/partitioning.sql
3 issues
Line: 6
Column: 1
-- LICENSE-APACHE for a copy of the license.
-- Should expect an error when creating a hypertable from a partition
-- psql meta-command (not SQL): continue past the expected error.
\set ON_ERROR_STOP 0
CREATE TABLE partitioned_ht_create(time timestamptz, temp float, device int) PARTITION BY RANGE (time);
-- A declaratively partitioned parent is expected to be refused as a hypertable.
SELECT create_hypertable('partitioned_ht_create', 'time');
\set ON_ERROR_STOP 1
-- Should expect an error when attaching a hypertable to a partition
Reported by SQLint.
Line: 9
Column: 1
-- psql meta-command (not SQL): continue past the expected error.
\set ON_ERROR_STOP 0
CREATE TABLE partitioned_ht_create(time timestamptz, temp float, device int) PARTITION BY RANGE (time);
-- A declaratively partitioned parent is expected to be refused as a hypertable.
SELECT create_hypertable('partitioned_ht_create', 'time');
\set ON_ERROR_STOP 1
-- Should expect an error when attaching a hypertable to a partition
\set ON_ERROR_STOP 0
CREATE TABLE partitioned_attachment_vanilla(time timestamptz, temp float, device int) PARTITION BY RANGE (time);
-- Plain table for now; it becomes a hypertable before the ATTACH PARTITION below.
CREATE TABLE attachment_hypertable(time timestamptz, temp float, device int);
Reported by SQLint.
Line: 17
Column: 1
CREATE TABLE attachment_hypertable(time timestamptz, temp float, device int);
SELECT create_hypertable('attachment_hypertable', 'time');
-- Attaching a hypertable as a partition is expected to fail; the earlier \set ON_ERROR_STOP 0 lets the script continue.
ALTER TABLE partitioned_attachment_vanilla ATTACH PARTITION attachment_hypertable FOR VALUES FROM ('2016-07-01') TO ('2016-08-01');
-- psql meta-command (not SQL): errors are fatal again from here on.
\set ON_ERROR_STOP 1
-- Should not expect an error when attaching a normal table to a partition
CREATE TABLE partitioned_vanilla(time timestamptz, temp float, device int) PARTITION BY RANGE (time);
CREATE TABLE attachment_vanilla(time timestamptz, temp float, device int);
-- Control case: a plain table attaches without error.
ALTER TABLE partitioned_vanilla ATTACH PARTITION attachment_vanilla FOR VALUES FROM ('2016-07-01') TO ('2016-08-01');
Reported by SQLint.
test/sql/pg_dump_unprivileged.sql
3 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
-- psql meta-command (not SQL): connect to template1 as the superuser role.
\c template1 :ROLE_SUPERUSER
-- Suppress notices while installing the extension into template1, then restore the setting.
SET client_min_messages TO ERROR;
CREATE EXTENSION IF NOT EXISTS timescaledb;
RESET client_min_messages;
Reported by SQLint.
Line: 13
Column: 1
-- The unprivileged role gets only CREATEDB; it is dropped again at the end of the test.
CREATE USER dump_unprivileged CREATEDB;
-- psql meta-command (not SQL): reconnect as that role.
\c template1 dump_unprivileged
CREATE database dump_unprivileged;
-- psql shell escape: runs the dump script on the client host, resolved relative to psql's working directory, with that role's credentials.
\! utils/pg_dump_unprivileged.sh
\c template1 :ROLE_SUPERUSER
Reported by SQLint.
Line: 16
Column: 1
-- psql meta-command (not SQL): reconnect as the unprivileged role.
\c template1 dump_unprivileged
CREATE database dump_unprivileged;
-- psql shell escape: runs the dump script on the client host, resolved relative to psql's working directory.
\! utils/pg_dump_unprivileged.sh
\c template1 :ROLE_SUPERUSER
-- Cleanup as superuser: extension, the test database and the test role.
DROP EXTENSION timescaledb;
DROP DATABASE dump_unprivileged;
DROP USER dump_unprivileged;
Reported by SQLint.
test/sql/plan_ordered_append.sql
3 issues
Line: 13
Column: 1
-- are different across versions we need version specific output
-- here anyway.
-- psql meta-commands (not SQL): derive the include and result file names from the test base name;
-- \gset stores each output column in the psql variable named by its alias.
\set TEST_BASE_NAME plan_ordered_append
SELECT format('include/%s_load.sql', :'TEST_BASE_NAME') as "TEST_LOAD_NAME",
format('include/%s_query.sql', :'TEST_BASE_NAME') as "TEST_QUERY_NAME",
format('%s/results/%s_results_optimized.out', :'TEST_OUTPUT_DIR', :'TEST_BASE_NAME') as "TEST_RESULTS_OPTIMIZED",
format('%s/results/%s_results_unoptimized.out', :'TEST_OUTPUT_DIR', :'TEST_BASE_NAME') as "TEST_RESULTS_UNOPTIMIZED"
\gset
Reported by SQLint.
Line: 35
Column: 1
-- psql meta-commands (not SQL) below: \o redirects query output to a file, \ir includes the query file relative to this script.
\set PREFIX_NO_ANALYZE ''
\o :TEST_RESULTS_OPTIMIZED
SET timescaledb.ordered_append = 'on';
\ir :TEST_QUERY_NAME
\o
\o :TEST_RESULTS_UNOPTIMIZED
-- Same queries with the optimization off; the two result files are compared by :DIFF_CMD later in the file.
SET timescaledb.ordered_append = 'off';
\ir :TEST_QUERY_NAME
\o
Reported by SQLint.
Line: 39
Column: 1
\o
\o :TEST_RESULTS_UNOPTIMIZED
SET timescaledb.ordered_append = 'off';
\ir :TEST_QUERY_NAME
-- psql meta-command (not SQL): a bare \o sends query output back to stdout.
\o
-- psql variable expanding to the diff command; presumably set by the test harness, not in this file.
:DIFF_CMD
Reported by SQLint.
test/sql/sql_query.sql
3 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
-- psql meta-commands (not SQL): discard the output of the data-loading include, then restore stdout.
\o /dev/null
\ir include/insert_two_partitions.sql
\o
SELECT * FROM PUBLIC."two_Partitions";
Reported by SQLint.
Line: 13
Column: 1
EXPLAIN (verbose ON, costs off) SELECT * FROM PUBLIC."two_Partitions";
-- psql meta-command (not SQL): \echo writes the text to stdout so it lands in the expected output.
\echo "The following queries should NOT scan two_Partitions._hyper_1_1_chunk"
-- Same predicate on the space-partitioning column as a constant, a constant-folded expression, and with the operands swapped.
EXPLAIN (verbose ON, costs off) SELECT * FROM PUBLIC."two_Partitions" WHERE device_id = 'dev2';
EXPLAIN (verbose ON, costs off) SELECT * FROM PUBLIC."two_Partitions" WHERE device_id = 'dev'||'2';
EXPLAIN (verbose ON, costs off) SELECT * FROM PUBLIC."two_Partitions" WHERE 'dev'||'2' = device_id;
--test integer partition key
Reported by SQLint.
Line: 34
Column: 1
--Need to verify space partitions are currently pruned in this query
--EXPLAIN (verbose ON, costs off) SELECT * FROM "two_Partitions" WHERE device_id IN ('dev2', 'dev21');
-- psql meta-command (not SQL): \echo writes the text to stdout so it lands in the expected output.
\echo "The following shows non-aggregated queries with time desc using merge append"
EXPLAIN (verbose ON, costs off)SELECT * FROM PUBLIC."two_Partitions" ORDER BY "timeCustom" DESC NULLS LAST limit 2;
--shows that more specific indexes are used if the WHERE clauses "match", uses the series_1 index here.
EXPLAIN (verbose ON, costs off)SELECT * FROM PUBLIC."two_Partitions" WHERE series_1 IS NOT NULL ORDER BY "timeCustom" DESC NULLS LAST limit 2;
--here the "match" is implication series_1 > 1 => series_1 IS NOT NULL
Reported by SQLint.