Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wPniT-0012R3-0g for pgsql-bugs@arkaria.postgresql.org; Wed, 20 May 2026 20:40:33 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wPniP-008SX2-2N for pgsql-bugs@arkaria.postgresql.org; Wed, 20 May 2026 20:40:30 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wPnGo-008LBJ-1B for pgsql-bugs@lists.postgresql.org; Wed, 20 May 2026 20:11:59 +0000 Received: from mail-oo1-xc29.google.com ([2607:f8b0:4864:20::c29]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wPnGm-00000000bPn-3Szk for pgsql-bugs@lists.postgresql.org; Wed, 20 May 2026 20:11:58 +0000 Received: by mail-oo1-xc29.google.com with SMTP id 006d021491bc7-69d377221aaso1976680eaf.0 for ; Wed, 20 May 2026 13:11:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1779307915; cv=none; d=google.com; s=arc-20240605; b=AjBJQZv0n6woeNqr5+uHf21UFG4so5p2CfYxXg8YVtEN/ARBfG2hdAF8YGvcLOz+kz O3JzxmiMuJ/OVWUYuugbXXMCuyCdugYEv9Vh+WUYvSvTWZsgIR9tKxHZgLEZ0ZlL5x5P 68eZ+klnZbfELLwDggCoP94clBPUv4XU8zXNoVMrWhy1M/YR6GYSZWsOTy3iloYU/pVk pQLZFmhCjRWUupK+TrGbSUMgFtptMk9+fuNP5F+ZtdDzACI5o1rL1FCKkuSqLAjqMlNh b6nTKHyI3ze0+nK6wqeL8rSecR5HFrbNJpd5TtxMzAby57EqlgM7JqLFB5Y4Uxq7Q9cx IVYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=B3PdKp0OcePeeXGVN2jkMWwmbQXhMEZeFDGl2AXNyHg=; fh=/e2+xX7ZtYNE7ACkF6B0c+EIGaUjRVfIZXntE8xiWEY=; b=fzaSrhF6xQYPAIEEk6XijpKndsbwRAWaAVfKvQjsiUQET7D+pqgiW7Gj4oHTwr/Cd0 GLEl1s6mhi5TFdJ0BGYoBDSzthO51nne9TBhVXdfJELTvDlmFk2Vt6TuVZrkk/Bk6Tq9 ln5k0fvg/cYTgK25GnNRYleA4xpT5668T8Ko3PVstPvDsxnd77USxntqknIk6pgzAHNj WiLiiVivgRFXGsLUZ6YzYmqsOZYMoPBALPJPL7f7+tP9LKe5bNkc1ASiJGa53pplR6gd MMk52OlZKy2vP/oHPj096rZnjS7+LFBBO6z1GFM+jIF4QGw6HWvZXwN6OXBxRNUgK3To WPLQ==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779307915; x=1779912715; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=B3PdKp0OcePeeXGVN2jkMWwmbQXhMEZeFDGl2AXNyHg=; b=kWvyE+CaGKgJBqrQvRFP7Ai6kL8Kpso48eUKrI9eKFC2WtisfdAznlZ9ti0zze1r9z OnBonL1i5+BpWDO5LKQmUVbpsabvzfUJJ/w3tdTA1o4yGz296/dffbyQVeY5pWt/dI4G Goe+ruhtMUII/SCI1lgkgduI6bWl3CoyQoELh3RawqrFm8PJqkfLsBRbqeSdObJV5xws M72WUYu+Jq9wnfThahi1QnHhuCdYPoM99UKOxmONrIHs9nurZED1Nu6pAmTjXr1GcP1g NULZinvmo8x851rJSUrqK44iwHUIVMsTM/R5OLtoBPMAmxeoZWwm/vEhcVxd8g4ej36G ZEtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779307915; x=1779912715; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=B3PdKp0OcePeeXGVN2jkMWwmbQXhMEZeFDGl2AXNyHg=; b=RX/opee/dzXbMIqQAS8s+ZOGfoGRIMla98NOlqbOypZXk0GTzxAwqaac6K2vT1PVEP /Ep0+fPwGq5AxAuPsexjR/jIdbvirxLgk/2la5ii1UH5Ekd6yR54DlJPZiMfQIwNRiGz DqrhFhYSQud8X0nt9Tzf0+JnlaTRI1xiHx/3ayW6Tvidwioeo66Aw0Wg0wGiyBwNmV7J /RVcwO0ij2DU5LBYmK9vYXm4OZE/vFBzeAI3OHhZuSMfnI/eNnEx0ESXrGkd9wsUzQCa AKpFDubdn2IMsY2V8fE37lVydZ2KOZUmA3NFk5la0hFxiCPCw9rDFBFX86bQsn43dO++ Fnpw== X-Gm-Message-State: AOJu0YxhWhroNP2vijnc1paBWfpj2AkRWhJ9eo7oMHoat8M2mb0tNGIr 6tNDp7YAoxYBbKbw1tR7hulrJewfSHqz5Qya60BC5u8wi6cgylgUOVplz7aUqYP1GDdkHDjLAaV PfvYMNrS2c//vCREUiJEVL0Y9/4GvE6I= X-Gm-Gg: Acq92OEodj4/KIh01L/+Ni8nCE00DnS/KnjQ9tqX3RQoqTuDlfbdl28EbYpk0oySxfK m8jMnIsKGy/F4xFLoK1Ii7IN7tAlFT5l4kWOKXGGrGdOHWlZl5iQp3XUEwdfTyr2Ejyu6rPhz/y e0gJibsr52cd0NMfH0qaEhIZqqsjCmnGUbq/dfpViKiA32DqFpWgezdH60gj9htZwTEnVcxeLs9 5u77KUT56YDHrHWYzdLSG0CLhmdqOjRV8DDT51W/k6RnmRv4i9A4RQP2LCaY6UW8+bU7S1bRUmj M7Haa8tmeXmcdLza9Y1U6Q4sKvtzCrpd56VAWkmwUVYidGK+L6rjhMzKpTv0pI8l06p1CdgXrW+ rml0uOEELInD25el/BnES X-Received: by 2002:a05:6820:c97:b0:69b:bf80:2db3 with SMTP id 006d021491bc7-69c9bfafeb8mr16322150eaf.44.1779307915030; Wed, 20 May 2026 13:11:55 -0700 (PDT) MIME-Version: 1.0 References: <3b02a3fe-bf62-4231-8ea8-5021f4846e2d@gmail.com> In-Reply-To: <3b02a3fe-bf62-4231-8ea8-5021f4846e2d@gmail.com> From: Anton Fedorov Date: Wed, 20 May 2026 22:11:44 +0200 X-Gm-Features: AVHnY4LPEbVXf7CBTFeZ3IOuHp1V94fnkGpTfn9GChm_9_D8J9MZtapjFluJcDg Message-ID: Subject: Re: Fwd: Non-cancellable queries To: Andrei Lepikhov Cc: pgsql-bugs@lists.postgresql.org Content-Type: multipart/alternative; boundary="00000000000038b4f80652456895" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --00000000000038b4f80652456895 Content-Type: text/plain; charset="UTF-8" On Wed, 20 May 2026 at 12:55, Andrei Lepikhov wrote: > > You can run as many queries as you want; the queries sitting server-side, > > consuming CPU > Yyou found the trick where the join list building routine consumes a lot of > resources. Postgres code is aware of this situation and has a clear trade-off between > performance and signal checking. Even if we fix this specific case, there > are > multiple cycles in the code that might be expanded by a tricky query. So, > can > you provide more context to define the problem's importance and scope so > we can > determine whether this subject is actually important and should be fixed? > This problem can surface in the following situations: a) "growing analytics" -- imagine tables sharded by very thin key (f.e., separate daily tables), and one would want to run query against large date range; b) blind SQL injection with ultra restricted user permissions (query only) became DoS instrument; c) "shared hosting" of some sort -- when the single server has ability to run queries from different users; in this situation it would be just lack of isolation. not a problem for the postgresql itself, it is more of a problem for services who build service on top of postgres; There is another similar case with one more exploitation path: python -c "print('create table if not exists x(x int);');n=2000000;print('select 1 from x where 1=1',end=' and x=1'*n)" | psql -h 172.17.0.2 -Upostgres -A the query is perfectly valid repetition of "x=1 and x=1 and ..." that also leads to non-cancellable memory-eating query. Can be a consequence of perfectly valid use-case: - simple table with category as a value - site has multiple-choice category selector, that get POSTed as a form in some array sorts (cat[]=N&cat[]=N or just cat=N&cat=N etc) - the ORM convert the array into query using " ".join("AND cat=%d" % (cat,) for cat in form['cat']) The query is safe, the values are safe, no arbitrary injection, and yet, server DOS. --00000000000038b4f80652456895 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Wed, 20 May = 2026 at 12:55, Andrei Lepikhov <lep= ihov@gmail.com> wrote:
> You can run as many queries as you want; the queries sitting server-si= de,
> consuming CPU
=C2=A0
Yyou found the trick where the join list building routine consumes a lot of=
resources.=C2=A0
Postgres code is aware of this situation and has a clear trade-off between<= br> performance and signal checking. Even if we fix this specific case, there a= re
multiple cycles in the code that might be expanded by a tricky query. So, c= an
you provide more context to define the problem's importance and scope s= o we can
determine whether this subject is actually important and should be fixed?

This problem can surface in the followin= g situations:

a) "growing analytics" -- = imagine tables sharded by very thin key (f.e., separate daily tables), and = one
=C2=A0 =C2=A0 would want to run query against large date rang= e;
b) blind SQL injection with ultra restricted user permissions = (query only) became DoS instrument;
c) "shared hosting" o= f some sort -- when the single server has ability to run queries from diffe= rent users;
=C2=A0 =C2=A0 in this situation it would be just lack= of isolation. not a problem for the postgresql itself, it is more of a
=C2=A0 =C2=A0 problem for services who build service on top of postg= res;

There is another similar cas= e with one more exploitation path:

python -c "= ;print('create table if not exists x(x int);');n=3D2000000;print(&#= 39;select 1 from x where 1=3D1',end=3D' and x=3D1'*n)" | p= sql -h 172.17.0.2 -Upostgres -A

the query is p= erfectly valid repetition of "x=3D1 and x=3D1 and ..." that also = leads to non-cancellable memory-eating query.

Can = be a consequence of perfectly valid use-case:
=C2=A0 - simple tab= le with category as a value
=C2=A0 - site has multiple-choice cat= egory selector, that get POSTed as a form in some array sorts (cat[]=3DN&am= p;cat[]=3DN or just cat=3DN&cat=3DN etc)
=C2=A0 - the ORM con= vert the array into query using " ".join("AND cat=3D%d"= % (cat,) for cat in form['cat'])

The query is safe, the val= ues are safe, no arbitrary injection, and yet, server DOS.
--00000000000038b4f80652456895--