"\u0000" in sql will lead to invalid message format error #1115
Comments
That's an invalid SQL that the command-line tools automatically fix for you, but this library won't. PostgreSQL requires that strings with Unicode-coded symbols in them start with
INSERT INTO content(name) VALUES(E'\u0020\u0000')
thanks @vitaly-t!
But the error message that we are getting, 'invalid message format', doesn't help. You will have to run the query in some SQL client to find out the problem. So we have scope of improvement here I believe.
Guys, I'm afraid this issue was closed prematurely. There is indeed a bug in the driver related specifically to Unicode symbol This one works fine:
select E'\u0001' as value
And these ones throw that error:
select E'\u0000' as value
select '\0' as value
This needs to be re-opened, and escalated into a bug.
I agree that the error message from node-postgres is misleading. But I am afraid this issue is directly related to the PostgreSQL server.
You may notice that the invalid Unicode value also appears directly on the PostgreSQL server. The main problem is PostgreSQL does not consider What I can assume here is that it's because of the nature of the zero-terminated strings philosophy of the C language. It's just a wild guess.
@nazarhussain That error looks different, and makes me think it just doesn't like the Also, I wonder how
@vitaly-t I also tried the same with Valentina Studio, which uses a JDBC adapter, and got the same error which
The error message difference is due to the lack of escaping the backslash in the JS code so the Here's the two situations:
// Single backslash evaluated to a zero byte locally which is rejected at message level by server:
> client.query("SELECT E'\u0000'").catch((err) => console.error('%s', err)).then(console.log)
error: invalid message format
// Double backslash gets sent to the server correctly
> client.query("SELECT E'\\u0000'").catch((err) => console.error('%s', err)).then(console.log)
error: invalid Unicode escape value at or near "E'\u0000"
You can see it in the lengths of the strings too:
// Single backslash
> console.log('%s', "SELECT E'\u0000'".length);
11
// Double backslash
> console.log('%s', "SELECT E'\\u0000'".length);
16
This does indicate a bug but not directly related to these error messages. The driver shouldn't be sending strings with zero bytes to the backend as that's invalid and a potential security issue. I'm going to open a separate issue for rejecting those queries in the client as they violate the FEBE protocol.
@sehrope Does this mean the client should escape those on its own? Or if not, then how do you think this should be handled? This happens way more often than one might think. When you have an app that relies on type
If the intention is to store that literal string with the backslash then the backslash should be escaped. If the intention is to have a string with the zero byte itself be saved then I don't think that's possible. There's no valid way to have a zero byte in there at all. It's either going to be an invalid Unicode string or an invalid message containing a zero byte. Note that this is a difference in the set of valid values for strings in PostgreSQL and JS. The database does not allow zero bytes but JS does.
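A client-side check of the kind discussed above (rejecting zero bytes before they reach the backend), as an added example that is not part of the thread or of node-postgres. `findNul` and `assertNoNul` are hypothetical helper names, the inputs are constructed, and Buffers are skipped on the assumption that they carry binary data rather than text.

```javascript
// Added example, not node-postgres code: hypothetical helpers a caller
// could run before handing a query to the driver.
const NUL = '\u0000';

// Collect every place a NUL character appears in the query text or in
// string parameters (arrays are walked recursively). Buffers and other
// non-string values are skipped (assumption: they are not sent as text).
function findNul(text, values = []) {
  const findings = [];
  const check = (value, where) => {
    if (typeof value === 'string') {
      const index = value.indexOf(NUL);
      if (index !== -1) findings.push({ where, index });
    } else if (Array.isArray(value)) {
      value.forEach((item, i) => check(item, `${where}[${i}]`));
    }
  };
  check(text, 'query text');
  values.forEach((value, i) => check(value, `parameter $${i + 1}`));
  return findings;
}

// Fail locally with a message that names the offending position, instead
// of letting the server answer "invalid message format".
function assertNoNul(text, values = []) {
  const findings = findNul(text, values);
  if (findings.length > 0) {
    const detail = findings
      .map((f) => `${f.where} at index ${f.index}`)
      .join(', ');
    throw new Error(`NUL character (U+0000) is not valid in PostgreSQL text: ${detail}`);
  }
}

// Constructed inputs mirroring the two cases in the thread.
const singleBackslash = "SELECT E'\u0000'";  // JS turns the escape into a real NUL
const doubleBackslash = "SELECT E'\\u0000'"; // backslash survives, no NUL locally

console.log(findNul(singleBackslash));
console.log(findNul(doubleBackslash));
console.log(findNul('INSERT INTO content(name) VALUES($1)', ['some\u0000 data']));
```

The double-backslash query passes this check because it contains no zero byte; it is the server that rejects it, with the "invalid Unicode escape value" error quoted in the thread.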
Let's consider a practical example:
// 12 zero-filled bytes; the two writes leave zero bytes at offsets 4, 10 and 11
const buffer = Buffer.alloc(12);
buffer.write("some", "utf-8");
buffer.write(" data", 5, "utf-8");
const columnData = '\\x' + buffer.toString('utf-8');
const visualized = JSON.stringify(columnData);
console.log(visualized);
//=> "\\xsome\u0000 data\u0000\u0000"
We can see that the column data that needs to go into the server in fact contains multiple Does this mean the client needs to replace each Relevant links:
UPDATE Actually, there may be a confusion between using
@vitaly-t
@sehrope The Unicode standard says Do you know PostgreSQL follows which Unicode standard, for which
OK with command line.
not OK with ng.