From 0f271e8e8d9c8db0ea86c0d12b3221009b81d8bf Mon Sep 17 00:00:00 2001
From: Amit Langote
Date: Wed, 19 Jun 2024 15:22:06 +0900
Subject: SQL/JSON: Correct jsonpath variable name matching
Previously, GetJsonPathVar() allowed a jsonpath expression to reference any prefix of a PASSING variable's name. For example, the following query would incorrectly work:
SELECT JSON_QUERY(context_item, jsonpath '$xy' PASSING val AS xyz);
The fix ensures that the length of the variable name mentioned in a jsonpath expression matches exactly with the name of the PASSING variable before comparing the strings using strncmp().
Reported-by: Alvaro Herrera (off-list)
Discussion: https://postgr.es/m/CA+HiwqFGkLWMvELBH6E4SQ45qUHthgcRH6gCJL20OsYDRtFx_w@mail.gmail.com
---
 src/backend/utils/adt/jsonpath_exec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/backend/utils/adt/jsonpath_exec.c')
diff --git a/src/backend/utils/adt/jsonpath_exec.c b/src/backend/utils/adt/jsonpath_exec.c
index c30d059a762..d79c9298227 100644
--- a/src/backend/utils/adt/jsonpath_exec.c
+++ b/src/backend/utils/adt/jsonpath_exec.c
@@ -2994,7 +2994,8 @@ GetJsonPathVar(void *cxt, char *varName, int varNameLen,
 {
 JsonPathVariable *curvar = lfirst(lc);
- if (!strncmp(curvar->name, varName, varNameLen))
+ if (curvar->namelen == varNameLen &&
+ strncmp(curvar->name, varName, varNameLen) == 0)
 {
 var = curvar;
 break;
@@ -4118,6 +4119,7 @@ JsonTableInitOpaque(TableFuncScanState *state, int natts)
 JsonPathVariable *var = palloc(sizeof(*var));
 var->name = pstrdup(name->sval);
+ var->namelen = strlen(var->name);
 var->typid = exprType((Node *) state->expr);
 var->typmod = exprTypmod((Node *) state->expr);
--
cgit v1.2.3
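Review bot: The new test in GetJsonPathVar() trusts `curvar->namelen`, so every site that builds a JsonPathVariable for this list has to fill the field in; this view is limited to jsonpath_exec.c and shows only JsonTableInitOpaque() doing so (second hunk), where the struct comes from `palloc(sizeof(*var))` and is therefore not zeroed. A producer that misses the field would leave it indeterminate, and the lookup would then fail to bind the variable, or bind it only by accident, which is hard to diagnose. The other producers are presumably updated elsewhere in the commit, but the invariant is worth stating at the comparison, e.g. `/* namelen must equal strlen(name) for every list entry; varName appears to be length-delimited, so compare lengths first */`. Since the lengths are known to be equal at that point, `memcmp(curvar->name, varName, varNameLen) == 0` would express the exact-match intent more directly than strncmp(). GetJsonPathVar()'s body starts and ends outside the hunk.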