Critical: fix inverted logic here

sfc-gh-dachristensen · sfc-gh-dachristensen · commit af9194568aaf · 2026-04-22T19:17:56.000Z
strcmp(str, "") returns 0 (false) when str is empty, meaning the check is
inverted: it returns NULL when parsing succeeds and continues when parsing
fails. This allows non-numeric strings to pass through as array indices, leading
to type confusion and potentially incorrect memory access.

The strcmp logic handles most cases correctly (non-numeric strings return NULL,
valid integers pass through). However, the empty string "" is accepted as a
valid array index of 0: [10, 20, 30] #&gt; '[""]' returns 10 instead of NULL. This
occurs because strtol("") sets lindex=0 and str="", so strcmp("", "") returns 0,
bypassing the error check.

Signed-off-by: David Christensen &lt;david.christensen@snowflake.com&gt;
diff --git a/src/backend/utils/adt/agtype_ops.c b/src/backend/utils/adt/agtype_ops.c
@@ -2098,7 +2098,7 @@ static Datum get_agtype_path_all(FunctionCallInfo fcinfo, bool as_text)
                 char* str = NULL;
                 lindex = strtol(cur_key->val.string.val, &str, 10);
 
-                if (strcmp(str, ""))
+                if (strcmp(str, "") != 0)
                 {
                     PG_RETURN_NULL();
                 }

Original file line number	Diff line number	Diff line change
`@@ -2098,7 +2098,7 @@ static Datum get_agtype_path_all(FunctionCallInfo fcinfo, bool as_text)`
`2098`	`2098`	`char* str = NULL;`
`2099`	`2099`	`lindex = strtol(cur_key->val.string.val, &str, 10);`
`2100`	`2100`
`2101`		`- if (strcmp(str, ""))`
	`2101`	`+ if (strcmp(str, "") != 0)`
`2102`	`2102`	`{`
`2103`	`2103`	`PG_RETURN_NULL();`
`2104`	`2104`	`}`