The following issues were found
tsl/test/sql/include/cont_agg_equal.sql
3 issues
Line: 6
Column: 1
-- LICENSE-TIMESCALE for a copy of the license.
--expects QUERY to be set
\o /dev/null
DROP MATERIALIZED VIEW IF EXISTS mat_test;
CREATE MATERIALIZED VIEW mat_test
WITH ( timescaledb.continuous)
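Reported by SQLint. No message text is shown for this finding. The excerpt contains the psql meta-command `\o /dev/null`, which is interpreted by the psql client and is not part of the server's SQL grammar, so this is probably a parse error from linting a psql test script as plain SQL rather than a defect in the statement; confirm against the linter's raw output. Every other SQLint excerpt on this page likewise contains a backslash command (`\c`, `\o`, `\set`, `\gset`, `\copy`, `\ir`) or a `:VAR` interpolation.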
Line: 22
Column: 1
from _timescaledb_catalog.continuous_agg ca
INNER JOIN _timescaledb_catalog.hypertable h ON(h.id = ca.mat_hypertable_id)
where user_view_name = 'mat_test'
\gset
\c :TEST_DBNAME :ROLE_SUPERUSER
INSERT INTO :"MAT_SCHEMA_NAME".:"MAT_TABLE_NAME" SELECT * FROM :"PART_VIEW_SCHEMA".:"PART_VIEW_NAME";
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
\o
Reported by SQLint.
Line: 26
Column: 1
\c :TEST_DBNAME :ROLE_SUPERUSER
INSERT INTO :"MAT_SCHEMA_NAME".:"MAT_TABLE_NAME" SELECT * FROM :"PART_VIEW_SCHEMA".:"PART_VIEW_NAME";
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
\o
with original AS (
SELECT row_number() OVER(ORDER BY q.*) row_number, * FROM (:QUERY) as q
),
Reported by SQLint.
tsl/test/sql/skip_scan.sql
3 issues
Line: 6
Column: 1
-- LICENSE-TIMESCALE for a copy of the license.
-- need superuser to adjust statistics in load script
\c :TEST_DBNAME :ROLE_CLUSTER_SUPERUSER
\set TEST_BASE_NAME skip_scan
SELECT format('include/%s_load.sql', :'TEST_BASE_NAME') AS "TEST_LOAD_NAME",
format('include/%s_query.sql', :'TEST_BASE_NAME') AS "TEST_QUERY_NAME",
format('%s/results/%s_results_unoptimized.out', :'TEST_OUTPUT_DIR', :'TEST_BASE_NAME') AS "TEST_RESULTS_UNOPTIMIZED",
Reported by SQLint.
Line: 26
Column: 1
\o
SET timescaledb.enable_skipscan TO false;
\o :TEST_RESULTS_UNOPTIMIZED
\ir :TEST_QUERY_NAME
\o
RESET timescaledb.enable_skipscan;
-- compare SkipScan results on normal table
Reported by SQLint.
Line: 42
Column: 1
\o
SET timescaledb.enable_skipscan TO false;
\o :TEST_RESULTS_UNOPTIMIZED
\ir :TEST_QUERY_NAME
\o
RESET timescaledb.enable_skipscan;
-- compare SkipScan results on hypertable
Reported by SQLint.
test/sql/include/plan_expand_hypertable_chunks_in_query.sql
2 issues
Line: 25
Column: 1
:PREFIX SELECT time FROM hyper WHERE time=0 AND _timescaledb_internal.chunks_in(hyper, ARRAY[1]);
:PREFIX SELECT first(value, time) FROM hyper h WHERE _timescaledb_internal.chunks_in(h, ARRAY[1]);
\set ON_ERROR_STOP 0
SELECT * FROM hyper WHERE _timescaledb_internal.chunks_in(hyper, ARRAY[1,2]) AND _timescaledb_internal.chunks_in(hyper, ARRAY[2,3]);
SELECT * FROM hyper WHERE _timescaledb_internal.chunks_in(2, ARRAY[1]);
SELECT * FROM hyper WHERE time < 10 OR _timescaledb_internal.chunks_in(hyper, ARRAY[1,2]);
SELECT _timescaledb_internal.chunks_in(hyper, ARRAY[1,2]) FROM hyper;
-- non existing chunk id
Reported by SQLint.
Line: 40
Column: 1
SELECT * FROM hyper h WHERE _timescaledb_internal.chunks_in(h, array_append(ARRAY[1],current_setting('server_version_num')::int));
-- NULL chunk IDs not allowed in chunk array
SELECT * FROM hyper h WHERE _timescaledb_internal.chunks_in(h, ARRAY[NULL::int]);
\set ON_ERROR_STOP 1
-- chunks_in is STRICT function and for NULL arguments a null result is returned
SELECT * FROM hyper h WHERE _timescaledb_internal.chunks_in(h, NULL);
Reported by SQLint.
test/sql/include/join_load.sql
2 issues
Line: 108
Column: 1
);
SELECT table_name FROM create_hypertable('onek','unique2',chunk_time_interval:=1000);
\copy onek FROM 'data/onek.data'
CREATE TABLE tenk1 (
unique1 int4,
unique2 int4,
two int4,
Reported by SQLint.
Line: 130
Column: 1
);
SELECT table_name FROM create_hypertable('tenk1','unique2',chunk_time_interval:=1000);
\copy tenk1 FROM 'data/tenk.data'
CREATE TABLE tenk2 (
unique1 int4,
unique2 int4,
two int4,
Reported by SQLint.
src/loader/loader.c
2 issues
Line: 100
Column: 8
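CWE codes:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The position (line 100, column 8) matches the declaration `static char soversion[MAX_VERSION_LEN]`, so triage means checking every write to that buffer. The one write visible on this page, `strlcpy(soversion, version, MAX_VERSION_LEN)`, is bounded by the declared size and truncates instead of overflowing. Whether a silently truncated version string is acceptable depends on how `soversion` is used, which the excerpts do not show.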
static bool loaded = false;
static bool loader_present = true;
static char soversion[MAX_VERSION_LEN];
/* GUC to disable the load */
static bool guc_disable_load = false;
/* This is the hook that existed before the loader was installed */
Reported by FlawFinder.
Line: 595
Column: 2
CWE codes:
119
120
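Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration appears to be `char soname[MAX_SO_NAME_LEN]`; the excerpt ends before any write to it, so the check to make is that the code filling `soname` passes the buffer's size to a length-limited copy or formatter and handles truncation.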
static void inline do_load()
{
char *version = extension_version();
char soname[MAX_SO_NAME_LEN];
post_parse_analyze_hook_type old_hook;
strlcpy(soversion, version, MAX_VERSION_LEN);
/*
Reported by FlawFinder.
src/loader/bgw_message_queue.c
2 issues
Line: 169
Column: 3
CWE codes:
120
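Suggestion:
Make sure destination can always hold the source data. In this excerpt the copy length is the constant `sizeof(BgwMessage)`, the slot index is reduced modulo `BGW_MQ_MAX_MESSAGES`, and the copy runs only while `num_elements < BGW_MQ_MAX_MESSAGES` with the queue lock held exclusively. What remains to confirm outside the excerpt is that `queue->buffer` holds `BGW_MQ_MAX_MESSAGES` elements of type `BgwMessage` and that `message` points to a complete `BgwMessage`.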
LWLockAcquire(queue->lock, LW_EXCLUSIVE);
if (queue->num_elements < BGW_MQ_MAX_MESSAGES)
{
memcpy(&queue->buffer[(queue->read_upto + queue->num_elements) % BGW_MQ_MAX_MESSAGES],
message,
sizeof(BgwMessage));
queue->num_elements++;
message_result = MESSAGE_SENT;
}
Reported by FlawFinder.
Line: 198
Column: 3
CWE codes:
120
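Suggestion:
Make sure destination can always hold the source data. Here the destination is allocated with `palloc(sizeof(BgwMessage))` immediately before the copy and the copy length is the same `sizeof(BgwMessage)`, so the destination matches the source size; `palloc` reports an error instead of returning NULL. The source index `queue->read_upto` is kept in range by the modulo on update; its initial value and the declared length of `queue->buffer` are outside the excerpt and should be confirmed.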
if (queue->num_elements > 0)
{
message = palloc(sizeof(BgwMessage));
memcpy(message, &queue->buffer[queue->read_upto], sizeof(BgwMessage));
queue->read_upto = (queue->read_upto + 1) % BGW_MQ_MAX_MESSAGES;
queue->num_elements--;
}
LWLockRelease(queue->lock);
return message;
Reported by FlawFinder.
src/jsonb_utils.c
2 issues
Line: 59
Column: 30
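CWE codes:
126 (Buffer Over-read): `strlen(value)` reads until the first NUL byte, so the call is safe only if every caller passes a non-NULL, NUL-terminated C string; the callers are not shown in the excerpt. The second finding in this file (line 113) is the same pattern with `strlen(key)`.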
json_value.type = jbvString;
json_value.val.string.val = (char *) value;
json_value.val.string.len = strlen(value);
ts_jsonb_add_value(state, key, &json_value);
}
void
Reported by FlawFinder.
Line: 113
Column: 28
CWE codes:
126
json_key.type = jbvString;
json_key.val.string.val = (char *) key;
json_key.val.string.len = strlen(key);
ts_jsonb_add_pair(state, &json_key, value);
}
static void
Reported by FlawFinder.
tsl/test/src/test_compression.c
2 issues
Line: 88
Column: 2
CWE codes:
119
120
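Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is presumably `char *strings[5]`, which is an array of pointers to string literals, not a character buffer that is copied into. The loop that fills `texts` uses the same literal bound 5 as both arrays, so no out-of-bounds access is visible in this test code; deriving the loop bound from the array length would keep the two from drifting apart. The second finding in this file (line 168) shows the identical pattern.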
ArrayCompressor *compressor = array_compressor_alloc(TEXTOID);
ArrayCompressed *compressed;
DecompressionIterator *iter;
char *strings[5] = { "a", "foo", "bar", "gobble gobble gobble", "baz" };
text *texts[5];
int i;
for (i = 0; i < 5; i++)
texts[i] = cstring_to_text(strings[i]);
Reported by FlawFinder.
Line: 168
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
DictionaryCompressor *compressor = dictionary_compressor_alloc(TEXTOID);
DictionaryCompressed *compressed;
DecompressionIterator *iter;
char *strings[5] = { "a", "foo", "bar", "gobble gobble gobble", "baz" };
text *texts[5];
int i;
for (i = 0; i < 5; i++)
texts[i] = cstring_to_text(strings[i]);
Reported by FlawFinder.
tsl/test/sql/include/compress_table_test.sql
2 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
\set ECHO errors
TRUNCATE TABLE compressed;
CREATE TABLE tmp AS SELECT * FROM :"DATA_IN";
SELECT ts_compress_table(:'DATA_IN'::REGCLASS, 'compressed'::REGCLASS, :'COMPRESSION_INFO'::_timescaledb_catalog.hypertable_compression[]);
--compression truncates the DATA_IN table, restore the data
Reported by SQLint.
Line: 66
Column: 1
DROP TABLE decompressed_table;
\set ECHO all
Reported by SQLint.
tsl/src/compression/simple8b_rle.h
2 issues
Line: 250
Column: 2
CWE codes:
120
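Suggestion:
Make sure destination can always hold the source data. The visible check compares `size` with `expected_size` (computed above the excerpt), which validates the length of the data being serialized, not the capacity of `dest`. The copy is therefore safe only if the caller has reserved at least `size` bytes at `dest`; that allocation is outside the excerpt and is the thing to verify.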
if (expected_size != size)
elog(ERROR, "the size to serialize does not match simple8brle");
memcpy(dest, data, size);
return dest + size;
}
static Simple8bRleSerialized *
bytes_deserialize_simple8b_and_advance(const char **data)
Reported by FlawFinder.
Line: 400
Column: 2
CWE codes:
120
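Suggestion:
Make sure destination can always hold the source data. The only check visible before this copy is an `Assert`, which PostgreSQL compiles out unless the server is built with assertions enabled, and it compares slot counts, not byte sizes. Confirm that the allocation of `compressed` (above the excerpt) reserves `size_left` bytes after the selector slots.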
Assert(compressor->selectors.buckets.num_elements ==
simple8brle_num_selector_slots_for_num_blocks(compressor->compressed_data.num_elements));
memcpy(compressed->slots + compressor->selectors.buckets.num_elements,
compressor->compressed_data.data,
size_left);
return compressed;
}
Reported by FlawFinder.