Re: Potential security risk associated with function call
| From | Anders Åstrand |
|---|---|
| Subject | Re: Potential security risk associated with function call |
| Date | |
| Msg-id | 3ee2cdef-e908-42f7-9fce-fa1b81ec43d7@449.com |
| In response to | Potential security risk associated with function call ("Jet" <zhangchenxi@halodbtech.com>) |
| Responses | Re: Potential security risk associated with function call |
| List | pgsql-hackers |
On 3/10/26 11:24, Jet wrote:
> Hi Hackers,
>
> Recently, I notice a security risk when calling a function, it's
> strange but also interesting. E.g.
>
> `array_to_text_null` is a builtin function with 3 args. Normally, the
> function is working well. **BUT**
> if we create another version `array_to_text_null` function, say
> `harmful_array_to_string`, but with 2 args:
>

Yikes. This seems really dangerous.

> A simple patch provided to prevent to access unknown args memory.
>

I don't think this patch will cover all cases as the function might do something else with the data instead of checking for NULL, especially if it expects to be called from a function that is defined with RETURNS NULL ON NULL INPUT on the SQL side.

My gut reaction would be to limit the creation of functions with language=internal to superusers, but that wouldn't work as it would break CREATE EXTENSION when there are server modules involved.

Maybe all C functions that are able to be used as language=internal need to explicitly check nargs at the top of the function?

--
Anders Åstrand
Percona
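The following is an added example, not code from the thread or from PostgreSQL: a self-contained model of the explicit `nargs` check suggested in the message, next to a function that only NULL-tests its extra slot. The `CallInfo` struct is a simplified stand-in for the server's call frame, and the function names, return codes and sample frame are assumptions constructed for illustration.

```c
/* Simplified stand-in for PostgreSQL's fmgr call frame (assumption, not the real headers). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
typedef uintptr_t Datum;
typedef struct { Datum value; bool isnull; } NullableDatum;
typedef struct { short nargs; NullableDatum args[3]; } CallInfo;
enum { CALL_OK = 0, CALL_BAD_NARGS = -1 };

/* Hypothetical 3-argument C function: it NULL-tests slot 2 but never asks
 * whether the caller filled that slot at all. */
static int join_null_check_only(const CallInfo *fc, const char **null_str)
{
    *null_str = fc->args[2].isnull ? NULL : (const char *) fc->args[2].value;
    return CALL_OK;
}

/* Same function with the arity check at the top. */
static int join_checked(const CallInfo *fc, const char **null_str)
{
    *null_str = NULL;
    if (fc->nargs != 3)
        return CALL_BAD_NARGS;  /* a real function would raise an error here */
    if (!fc->args[2].isnull)
        *null_str = (const char *) fc->args[2].value;
    return CALL_OK;
}

/* Constructed frame: a 2-argument SQL declaration reaches the 3-argument C code.
 * Slot 2 carries leftover bytes standing in for memory the caller never set. */
static CallInfo make_two_arg_frame(const char *stale)
{
    CallInfo fc = { .nargs = 2 };
    fc.args[0].value = (Datum) "array";
    fc.args[1].value = (Datum) ",";
    fc.args[2].value = (Datum) stale;
    fc.args[2].isnull = false;
    return fc;
}

int main(void)
{
    static const char stale[] = "leftover";
    CallInfo fc = make_two_arg_frame(stale);
    const char *p;
    join_null_check_only(&fc, &p);
    printf("NULL check only: slot 2 used as \"%s\"\n", p ? p : "(null)");
    printf("nargs check: rc=%d\n", join_checked(&fc, &p));
    return 0;
}
```

In the model the stale slot's `isnull` flag happens to be false, so the NULL test passes and the leftover value is used, while the arity check rejects the call before any slot is read.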