The following issues were found
test/sql/plain.sql
2 issues
Line: 24
Column: 1
-- Create an enum type, rename it, and list the data types.
CREATE TYPE rainbow AS ENUM ('red', 'orange', 'yellow', 'green', 'blue', 'purple');
ALTER TYPE rainbow RENAME TO colors;
-- psql meta-command (lists data types with extra detail). It is handled by the
-- psql client and is not SQL, so a plain SQL parser cannot read this line.
\dT+
REINDEX TABLE regular_table;
-- psql meta-command: reconnect to the database in TEST_DBNAME as the role in
-- ROLE_SUPERUSER before the schema-wide reindex below.
\c :TEST_DBNAME :ROLE_SUPERUSER
REINDEX SCHEMA public;
Reported by SQLint.
Line: 27
Column: 1
-- psql meta-command (lists data types with extra detail). It is handled by the
-- psql client and is not SQL, so a plain SQL parser cannot read this line.
\dT+
REINDEX TABLE regular_table;
-- psql meta-command: reconnect to the database in TEST_DBNAME as the role in
-- ROLE_SUPERUSER before the schema-wide reindex below.
\c :TEST_DBNAME :ROLE_SUPERUSER
REINDEX SCHEMA public;
-- Not only simple statements should work
CREATE TABLE a (aa TEXT);
-- z inherits column aa from a; its primary key spans the inherited column aa
-- and the locally declared column b.
CREATE TABLE z (b TEXT, PRIMARY KEY(aa, b)) inherits (a);
Reported by SQLint.
tsl/test/sql/remote_txn_id.sql
2 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-TIMESCALE for a copy of the license.
-- psql meta-command: reconnect as the role in ROLE_SUPERUSER. PostgreSQL only
-- lets a superuser create functions in an untrusted language such as C.
\c :TEST_DBNAME :ROLE_SUPERUSER
-- Expose the C symbol ts_test_remote_txn_id, loaded from the shared library
-- named by the psql variable TSL_MODULE_PATHNAME, as a SQL-callable function.
CREATE FUNCTION _timescaledb_internal.test_remote_txn_id()
RETURNS void
AS :TSL_MODULE_PATHNAME, 'ts_test_remote_txn_id'
LANGUAGE C STRICT;
Reported by SQLint.
Line: 25
Column: 1
-- Round-trip check: for each row, output whether passing txn_id through
-- rxid_out and back through rxid_in yields the same text form.
SELECT txn_id, _timescaledb_internal.rxid_in(_timescaledb_internal.rxid_out(txn_id))::text = txn_id::text FROM tbl_w_rxid;
-- psql meta-command: keep running the script after a statement errors.
-- NOTE(review): the statements below look like negative tests that feed
-- malformed text to the rxid input function; each is presumably expected to
-- be rejected -- confirm against the expected-output file.
\set ON_ERROR_STOP 0
INSERT INTO tbl_w_rxid VALUES ('ts-1-10-20-30');
SELECT ''::rxid;
SELECT '---'::rxid;
SELECT '----'::rxid;
Reported by SQLint.
src/adts/bit_array_impl.h
2 issues
Line: 149
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (num_bits_out != NULL)
*num_bits_out = bit_array_num_bits(array);
memcpy(dst, array->buckets.data, size);
return size;
}
static inline char *
bytes_store_bit_array_and_advance(char *dest, size_t expected_size, const BitArray *array,
Reported by FlawFinder.
Line: 168
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (size > 0)
{
Assert(array->buckets.data != NULL);
memcpy(dest, array->buckets.data, size);
}
return dest + size;
}
static inline void
Reported by FlawFinder.
test/sql/updates/setup.databases.sql
2 issues
Line: 13
Column: 1
-- otherwise dn1 will have the same UUID as 'single' since template1
-- has the extension pre-installed.
-- Create database dn1 from template0, then use the psql connect meta-command
-- so that the statements that follow run inside dn1.
CREATE DATABASE dn1 TEMPLATE template0;
\c dn1
-- Make sure the extension is installed so that extension versions
-- that don't support multinode will still be able to update the
-- extension with ALTER EXTENSION ... UPDATE.
CREATE EXTENSION IF NOT EXISTS timescaledb;
Reported by SQLint.
Line: 19
Column: 1
-- extension with ALTER EXTENSION ... UPDATE.
CREATE EXTENSION IF NOT EXISTS timescaledb;
-- psql meta-command: connect to the database named single, then make sure the
-- extension exists there as well. IF NOT EXISTS skips creation when the
-- extension is already installed.
\c single
CREATE EXTENSION IF NOT EXISTS timescaledb;
Reported by SQLint.
src/catalog.c
2 issues
Line: 261
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
};
static const char *catalog_table_serial_id_names[_MAX_CATALOG_TABLES] = {
[HYPERTABLE] = CATALOG_SCHEMA_NAME ".hypertable_id_seq",
[HYPERTABLE_DATA_NODE] = NULL,
[DIMENSION] = CATALOG_SCHEMA_NAME ".dimension_id_seq",
[DIMENSION_SLICE] = CATALOG_SCHEMA_NAME ".dimension_slice_id_seq",
[CHUNK] = CATALOG_SCHEMA_NAME ".chunk_id_seq",
Reported by FlawFinder.
Line: 301
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Names for proxy tables used for cache invalidation. Must match names in
* sql/cache.sql.
*
* This is a table of pointers to string literals with _MAX_CACHE_TYPES slots.
* The initializer only stores pointers; nothing is copied into a fixed-size
* character buffer here. Slots without a designated initializer are NULL, so
* code that reads the table should index it with a value below
* _MAX_CACHE_TYPES and expect that an entry may be NULL. */
static const char *cache_proxy_table_names[_MAX_CACHE_TYPES] = {
[CACHE_TYPE_HYPERTABLE] = "cache_inval_hypertable",
[CACHE_TYPE_BGW_JOB] = "cache_inval_bgw_job",
};
/* Catalog information for the current database. */
Reported by FlawFinder.
test/sql/net.sql
2 issues
Line: 5
Column: 1
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
-- psql meta-command: reconnect as the role in ROLE_SUPERUSER. PostgreSQL only
-- lets a superuser create functions in an untrusted language such as C.
\c :TEST_DBNAME :ROLE_SUPERUSER
-- Each statement below exposes one C symbol from the shared library named by
-- the psql variable MODULE_PATHNAME as a SQL-callable test function.
CREATE OR REPLACE FUNCTION _timescaledb_internal.test_http_parsing(int) RETURNS VOID
AS :MODULE_PATHNAME, 'ts_test_http_parsing' LANGUAGE C IMMUTABLE STRICT PARALLEL SAFE;
CREATE OR REPLACE FUNCTION _timescaledb_internal.test_http_parsing_full() RETURNS VOID
AS :MODULE_PATHNAME, 'ts_test_http_parsing_full' LANGUAGE C IMMUTABLE STRICT PARALLEL SAFE;
CREATE OR REPLACE FUNCTION _timescaledb_internal.test_http_request_build() RETURNS VOID
Reported by SQLint.
Line: 15
Column: 1
-- Expose the C symbol ts_test_conn from the shared library named by the psql
-- variable MODULE_PATHNAME as a SQL-callable test function.
CREATE OR REPLACE FUNCTION _timescaledb_internal.test_conn() RETURNS VOID
AS :MODULE_PATHNAME, 'ts_test_conn' LANGUAGE C IMMUTABLE STRICT PARALLEL SAFE;
-- psql meta-command: reconnect as the role in ROLE_DEFAULT_PERM_USER, so the
-- test functions are called from a different session than the one that
-- created them.
-- NOTE(review): presumably a non-superuser role; confirm in the test setup.
\c :TEST_DBNAME :ROLE_DEFAULT_PERM_USER
SELECT _timescaledb_internal.test_http_parsing(10000);
SELECT _timescaledb_internal.test_http_parsing_full();
SELECT _timescaledb_internal.test_http_request_build();
SELECT _timescaledb_internal.test_conn();
Reported by SQLint.
tsl/test/sql/compression_qualpushdown.sql
2 issues
Line: 23
Column: 25
-- Pick the chunk with the lowest id that belongs to the hypertable named
-- 'hyper'. LIKE is used without wildcards, so only the exact name matches.
-- The trailing gset meta-command runs the query and stores each output column
-- in a psql variable named after the column (CHUNK_NAME, CHUNK_FULL_NAME).
SELECT ch1.table_name AS "CHUNK_NAME", ch1.schema_name|| '.' || ch1.table_name AS "CHUNK_FULL_NAME"
FROM _timescaledb_catalog.chunk ch1, _timescaledb_catalog.hypertable ht
WHERE ch1.hypertable_id = ht.id AND ht.table_name LIKE 'hyper'
ORDER BY ch1.id LIMIT 1 \gset
-- The variable is passed with psql's quoted form (colon, then the name in
-- single quotes), which substitutes the value as an escaped SQL literal
-- rather than as raw SQL text.
SELECT compress_chunk(:'CHUNK_FULL_NAME');
-- test for qual pushdown
explain (costs off, verbose)
Reported by SQLint.
Line: 91
Column: 1
order by factorid, end_dt;
--should fail
-- psql meta-command: keep running the script after a statement errors.
\set ON_ERROR_STOP 0
-- The last predicate compares a value cast to date with the integer 10.
-- NOTE(review): presumably this type mismatch is the intended failure;
-- confirm against the expected-output file.
select factorid, end_dt, logret
from metaseg_tab
where fmid = 56
and end_dt::date = 10;
Reported by SQLint.
test/sql/updates/setup.compression.sql
2 issues
Line: 39
Column: 1
WHERE hypertable.table_name = 'compress' and chunk.compressed_chunk_id IS NULL
ORDER BY chunk.id;
-- psql conditional block: the grant runs only when the psql variable
-- WITH_ROLES evaluates to true.
\if :WITH_ROLES
-- Read-only access: SELECT on table compress for role tsdbadmin.
GRANT SELECT ON compress TO tsdbadmin;
\endif
Reported by SQLint.
Line: 41
Column: 1
-- psql conditional block: the grant runs only when the psql variable
-- WITH_ROLES evaluates to true.
\if :WITH_ROLES
-- Read-only access: SELECT on table compress for role tsdbadmin.
GRANT SELECT ON compress TO tsdbadmin;
\endif
Reported by SQLint.
tsl/src/compression/compression.c
2 issues
Line: 1183
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (per_col->is_compressed)
{
char *data = (char *) PG_DETOAST_DATUM(compressed_datums[col]);
CompressedDataHeader *header = (CompressedDataHeader *) data;
per_col->iterator =
definitions[header->compression_algorithm]
.iterator_init_forward(PointerGetDatum(data), per_col->decompressed_type);
Reported by FlawFinder.
Line: 1405
Column: 21
CWE codes:
126
tsl_compressed_data_in(PG_FUNCTION_ARGS)
{
const char *input = PG_GETARG_CSTRING(0);
size_t input_len = strlen(input);
int decoded_len;
char *decoded;
StringInfoData data;
Datum result;
Reported by FlawFinder.
tsl/src/nodes/decompress_chunk/decompress_chunk.c
2 issues
Line: 267
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy_decompress_chunk_path(DecompressChunkPath *src)
{
/* Return a newly allocated shallow copy of *src. The allocation is exactly
 * one DecompressChunkPath. */
DecompressChunkPath *dst = palloc(sizeof(DecompressChunkPath));
/* The copy length is the same sizeof used for the allocation above, so the
 * write cannot run past dst. Any pointer members are copied as pointers and
 * keep referring to whatever src refers to.
 * NOTE(review): assumes src is non-NULL and points to a complete
 * DecompressChunkPath -- confirm at the call sites. */
memcpy(dst, src, sizeof(DecompressChunkPath));
return dst;
}
static CompressionInfo *
Reported by FlawFinder.
Line: 609
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
RestrictInfo *newinfo = makeNode(RestrictInfo);
/* Copy all flat-copiable fields */
memcpy(newinfo, oldinfo, sizeof(RestrictInfo));
/* Recursively fix the clause itself */
newinfo->clause = (Expr *) chunk_joininfo_mutator((Node *) oldinfo->clause, context);
/* and the modified version, if an OR clause */
Reported by FlawFinder.