Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sql: currval('') produces bad error message #34527

Closed
jordanlewis opened this issue Feb 3, 2019 · 6 comments · Fixed by #70590
Closed

sql: currval('') produces bad error message #34527

jordanlewis opened this issue Feb 3, 2019 · 6 comments · Fixed by #70590
Labels
C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. E-starter Might be suitable for a starter project for new employees or team members. S-3-ux-surprise Issue leaves users wondering whether CRDB is behaving properly. Likely to hurt reputation/adoption. T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions)

Comments

@jordanlewis
Copy link
Member

jordanlewis commented Feb 3, 2019
edited by rafiss
Loading 

[email protected]:62609/defaultdb> select currval('');
pq: currval(): syntax error at or near "to"
DETAIL: source SQL:
ALTER TABLE  RENAME TO x
                    ^
HINT: try \h ALTER TABLE

The problem here is insufficient checking of preconditions before string interpolation to create the alter table.

In fact, it seems that many of the commands like this one and the privilege checking builtins suffer from lack of string sanitization.

Epic CRDB-8948
@jordanlewis jordanlewis added C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. S-3 Medium-low impact: incurs increased costs for some users (incl lower avail, recoverable bad data) O-sqlsmith labels Feb 3, 2019
@knz
Copy link
Contributor

knz commented Feb 4, 2019

well spotted! thanks

@knz knz added S-3-ux-surprise Issue leaves users wondering whether CRDB is behaving properly. Likely to hurt reputation/adoption. and removed S-3 Medium-low impact: incurs increased costs for some users (incl lower avail, recoverable bad data) labels Feb 4, 2019
@knz knz removed their assignment Feb 4, 2019
hueypark added a commit to hueypark/cockroach that referenced this issue Feb 16, 2019
@hueypark
sql: check invalid table identifier
f525460 
Fixes cockroachdb#34527

This commit checks table name identifier when they use `TablePattern`.

Release note (sql change): builtin function `currval` returned the appropriate error associated with the table name.
@hueypark hueypark mentioned this issue Feb 16, 2019
Closed
@maddyblue
Copy link
Contributor

This error has some trickyness to it too. This function calls our parser.ParseTableName function which takes a string, puts it into an ALTER TABLE in the parser to get our normal parsing rules to parse it. The above error is happening because we are doing simple sprintf-style string substitution, and thus the empty argument of curval gets inserted as a blank string.

Ok so first attempt at a fix is to use our double quote-style identifier thing. This however breaks the separator . as a name separator and correctly fails the tests. But since weirdo names are valid table/sequence names (single quote, double quote, period) as long as you double quote them, I think this leads to the conclusion that this function can not correctly support all possible sequence names until we have real OID support. That is, we cannot now differentiate between running currval on table t of database d and currval on table d.t since both would be currval('d.t').

@maddyblue
Copy link
Contributor

I take it back: a user would have to correctly quote things in that case. currval('"d.t"')

@github-actions
Copy link

github-actions bot commented Jun 5, 2021

We have marked this issue as stale because it has been inactive for
18 months. If this issue is still relevant, removing the stale label
or adding a comment will keep it active. Otherwise, we'll close it in
5 days to keep the issue queue tidy. Thank you for your contribution
to CockroachDB!

@knz
Copy link
Contributor

knz commented Jun 5, 2021

This bug still exists in v21.1

@otan
Copy link
Contributor

otan commented Jun 8, 2021

We should do what Postgres does and make currval take in an oid instead of a string.

We should then use the same logic as ParseDOid to parse this into an appropriate stirng.

@otan otan added the E-starter Might be suitable for a starter project for new employees or team members. label Jun 8, 2021
@jlinder jlinder added the T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) label Jun 16, 2021
@RichardJCai RichardJCai mentioned this issue Sep 22, 2021
Merged
@craig craig bot closed this as completed in 984ad1a Sep 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. E-starter Might be suitable for a starter project for new employees or team members. S-3-ux-surprise Issue leaves users wondering whether CRDB is behaving properly. Likely to hurt reputation/adoption. T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions)
Projects
None yet
Milestone
No milestone
5 participants
@maddyblue @jordanlewis @jlinder @knz @otan