Fix use validator on stack after returning. #91
We can see that the ParseAndGetValidatorSpec function returns a pointer to a memory area on the stack, and the return value of this function is then assigned to spec->validator, which will be used after the function ParseCreateSpec returns.
@@ -378,8 +378,10 @@ ParseCreateSpec(Datum databaseDatum, pgbson *createSpec, bool *hasSchemaValidati | |||
} | |||
else if (strcmp(key, "validator") == 0) | |||
{ | |||
spec->validator = ParseAndGetValidatorSpec(&createIter, "create.validator", | |||
hasSchemaValidationSpec); | |||
bson_value_t *validator = palloc0(sizeof(bson_value_t)); |
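Review bot: The palloc0(sizeof(bson_value_t)) added in the "validator" branch allocates in whatever memory context is current when ParseCreateSpec runs, so please confirm that context lives at least as long as spec does; otherwise the dangling pointer is only moved, not removed. If the struct is then overwritten in full by the parsed value, the zeroing is redundant and plain palloc would do. A short comment at this line saying why the value has to be copied out of createIter would also help the next reader.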
Could we avoid the palloc0 by changing ParseAndGetValidatorSpec to take a pointer and assign the value to such pointer?
Then we could call the function like:
ParseAndGetValidatorSpec(&createIter, "create.validator", hasSchemaValidationSpec, &spec->validator)
Thank you for your review 😊
Do you mean that we should still allocate validator on the stack, or that we should allocate validator on the heap in function ParseAndGetValidatorSpec instead of ParseCreateSpec?
As you can see at create_collection_view.c:154, after function ParseCreateSpec returns, spec->validator will still be used, so I think that using palloc is necessary. I can put the palloc into function ParseAndGetValidatorSpec.
Or you want to use palloc instead of palloc0?
I think using palloc is indeed more reasonable.
What I mean is that spec in create_collection_view is palloc'd already and not in the stack. So we could just change the signature of the ParseAndGetValidatorSpec function to accept a bson_value_t * instead of returning bson_value_t.
Then it will populate the bson_value_t * passed in with the parsed validator spec.
Then we call it like this:
ParseAndGetValidatorSpec(&createIter, "create.validator", hasSchemaValidationSpec, &spec->validator)
Thank you for your advice, I will try to make some modifications.
Thank you for your review.
The validator field in spec is a pointer, so palloc is inevitable.
I can put palloc in function ParseAndGetValidatorSpec instead of ParseCreateSpec.
The core problem is that the function bson_iter_value will return a pointer which points to a memory area on stack.
bson_value_t is a struct right? - so if we have spec's validator be a bson_value_t (instead of a const bson_value_t *) then when calling ParseAndGetValidatorSpec as called above, we can have something like
specValidator = *bson_iter_value(&iterator)
Ok, I will make some modifications. Thank you for reviewing.
Hi, @buriedpot -- were you able to do the adjustment suggested here?
@buriedpot friendly ping, will you be able to finish this? Thank you in advance.
Thank you for ping. Unfortunately, I currently don't have time to modify this fix.
If someone else is willing to take over this PR, feel free to use my work as a starting point.
May I close this issue?
Best regards.
…---Original---
From: "Santiago Fernandez ***@***.***>
Date: Sat, May 10, 2025 00:39 AM
Subject: Re: [microsoft/documentdb] Fix use validator on stack after returning. (PR #91)
safern left a comment (microsoft/documentdb#91)
@buriedpot thanks for your reply. We will try to finish your work then.
Describe the bug
pg_documentdb/src/metadata/collection.c:1905, the function ParseAndGetValidatorSpec returns a variable validator. It points to a memory area allocated on stack.
pg_documentdb/src/commands/create_collection_view.c:382, the function ParseCreateSpec assigns the pointer to spec->validator, which will be used after the function returns.
Environment
Reproduction Steps
compilation: gcc -fstack-protector-strong -O0
run test case: schema_validation_insert, schema_validation
Solution
Use palloc0. It's worth mentioning that the validator->value.v_doc.data is allocated on heap, so assigning the value of validator to spec->validator is enough and we don't need to do deep copying.
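The lifetime problem discussed in this PR, as an added C example that is not the project's code. `Value` and `Iter` are toy stand-ins for `bson_value_t` and `bson_iter_t`, and every function name is hypothetical. It shows that the pointer handed back by the accessor lies inside the stack iterator, and that copying the struct by value (the reviewer's suggestion) survives the iterator while staying a shallow copy.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy stand-ins (assumptions) for bson_value_t and bson_iter_t. */
typedef struct { int type; const unsigned char *data; size_t len; } Value;
typedef struct { const unsigned char *doc; size_t len; Value value; } Iter;

/* Modeled on bson_iter_value as described in the thread: fills a slot
 * inside the iterator and returns a pointer to that slot. */
static const Value *iter_value(Iter *it)
{
    it->value.type = 3;        /* constructed type tag */
    it->value.data = it->doc;  /* points at the document buffer */
    it->value.len = it->len;
    return &it->value;
}

typedef struct { const Value *validator; } SpecBefore; /* pointer field */
typedef struct { Value validator; } SpecAfter;         /* by-value field */

/* Returns 1 when p lies inside the iterator object, i.e. p becomes
 * invalid as soon as the iterator's stack frame is gone. */
static int points_into_iter(const void *p, const Iter *it)
{
    uintptr_t a = (uintptr_t) p, base = (uintptr_t) it;
    return a >= base && a < base + sizeof(*it);
}

/* Before: the pointer stored in the spec targets the stack iterator.
 * The check runs while the iterator is still alive, so nothing dangles. */
int before_aliases_iterator(const unsigned char *doc, size_t len)
{
    Iter it = { doc, len, { 0, NULL, 0 } };
    SpecBefore spec = { iter_value(&it) };
    return points_into_iter(spec.validator, &it);
}

/* After: the struct is copied out, so the result outlives the iterator.
 * The copy is shallow: data still points into doc, which must stay valid. */
SpecAfter parse_by_value(const unsigned char *doc, size_t len)
{
    Iter it = { doc, len, { 0, NULL, 0 } };
    SpecAfter spec;
    spec.validator = *iter_value(&it);
    return spec;
}
```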