From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Sat, 13 Aug 2022 19:21:28 +0000 (-0400)
Subject: Catch stack overflow when recursing in transformFromClauseItem().
X-Git-Tag: REL_10_23~68
X-Git-Url: http://git.postgresql.org/gitweb/?a=commitdiff_plain;h=362032f1768e0c0792fb713234ea1db2ebfaf90d;p=postgresql.git

Catch stack overflow when recursing in transformFromClauseItem().

Most parts of the parser can expect that the stack overflow check
in transformExprRecurse() will trigger before things get desperate.
However, transformFromClauseItem() can recurse directly to self
without having analyzed any expressions, so it's possible to drive
it to a stack-overrun crash.  Add a check to prevent that.

Per bug #17583 from Egor Chindyaskin.  Back-patch to all supported
branches.

Richard Guo

Discussion: https://postgr.es/m/17583-33be55b9f981f75c@postgresql.org
---

diff --git a/src/backend/parser/parse_clause.c b/src/backend/parser/parse_clause.c
index 8ebee4fa5f3..6322deeb122 100644
--- a/src/backend/parser/parse_clause.c
+++ b/src/backend/parser/parse_clause.c
@@ -1099,6 +1099,9 @@ transformFromClauseItem(ParseState *pstate, Node *n,
 						RangeTblEntry **top_rte, int *top_rti,
 						List **namespace)
 {
+	/* Guard against stack overflow due to overly deep subtree */
+	check_stack_depth();
+
 	if (IsA(n, RangeVar))
 	{
 		/* Plain relation reference, or perhaps a CTE reference */