From ea68c221f4d2351e111ff3d7573ef67a0e9c855a Mon Sep 17 00:00:00 2001
From: Noah Misch <noah@leadboat.com>
Date: Mon, 5 Oct 2015 10:06:30 -0400
Subject: [PATCH] Prevent stack overflow in query-type functions.

The tsquery, ltxtquery and query_int data types have a common ancestor.
Having acquired check_stack_depth() calls independently, each was
missing at least one call.  Back-patch to 9.0 (all supported versions).
---
 contrib/intarray/_int_bool.c            | 3 +++
 contrib/ltree/ltxtquery_io.c            | 3 +++
 contrib/ltree/ltxtquery_op.c            | 4 ++++
 src/backend/utils/adt/tsquery_cleanup.c | 3 +++
 4 files changed, 13 insertions(+)

diff --git a/contrib/intarray/_int_bool.c b/contrib/intarray/_int_bool.c
index 43cc0d42d5c..ac501b474b7 100644
--- a/contrib/intarray/_int_bool.c
+++ b/contrib/intarray/_int_bool.c
@@ -575,6 +575,9 @@ typedef struct
 static void
 infix(INFIX *in, bool first)
 {
+	/* since this function recurses, it could be driven to stack overflow. */
+	check_stack_depth();
+
 	if (in->curpol->type == VAL)
 	{
 		RESIZEBUF(in, 11);
diff --git a/contrib/ltree/ltxtquery_io.c b/contrib/ltree/ltxtquery_io.c
index 13ea58df3f5..d0e4b7f7e22 100644
--- a/contrib/ltree/ltxtquery_io.c
+++ b/contrib/ltree/ltxtquery_io.c
@@ -420,6 +420,9 @@ while( ( (inf)->cur - (inf)->buf ) + (addsize) + 1 >= (inf)->buflen ) \
 static void
 infix(INFIX *in, bool first)
 {
+	/* since this function recurses, it could be driven to stack overflow. */
+	check_stack_depth();
+
 	if (in->curpol->type == VAL)
 	{
 		char	   *op = in->op + in->curpol->distance;
diff --git a/contrib/ltree/ltxtquery_op.c b/contrib/ltree/ltxtquery_op.c
index 1c138886058..8ffa2401699 100644
--- a/contrib/ltree/ltxtquery_op.c
+++ b/contrib/ltree/ltxtquery_op.c
@@ -8,6 +8,7 @@
 #include <ctype.h>
 
 #include "ltree.h"
+#include "miscadmin.h"
 
 PG_FUNCTION_INFO_V1(ltxtq_exec);
 PG_FUNCTION_INFO_V1(ltxtq_rexec);
@@ -18,6 +19,9 @@ PG_FUNCTION_INFO_V1(ltxtq_rexec);
 bool
 ltree_execute(ITEM *curitem, void *checkval, bool calcnot, bool (*chkcond) (void *checkval, ITEM *val))
 {
+	/* since this function recurses, it could be driven to stack overflow */
+	check_stack_depth();
+
 	if (curitem->type == VAL)
 		return (*chkcond) (checkval, curitem);
 	else if (curitem->val == (int4) '!')
diff --git a/src/backend/utils/adt/tsquery_cleanup.c b/src/backend/utils/adt/tsquery_cleanup.c
index 054b529845a..5a95f371c9a 100644
--- a/src/backend/utils/adt/tsquery_cleanup.c
+++ b/src/backend/utils/adt/tsquery_cleanup.c
@@ -33,6 +33,9 @@ maketree(QueryItem *in)
 {
 	NODE	   *node = (NODE *) palloc(sizeof(NODE));
 
+	/* since this function recurses, it could be driven to stack overflow. */
+	check_stack_depth();
+
 	node->valnode = in;
 	node->right = node->left = NULL;
 	if (in->type == QI_OPR)
-- 
GitLab