Publication date: May 23, 2022
Description
In all versions of CockroachDB from v21.2.0 to v21.2.10, and from v22.1.0-alpha.1 to v22.1.0, executing a prepared SELECT query with a casted placeholder value in a constant filter could produce incorrect results if the casted type did not match the filtered column type.
For example, executing a prepared statement of the form SELECT ... FROM ... WHERE col = $1::type ..., where type did not match the type of column col, could return fewer results than expected.
Statement
This is resolved in CockroachDB by PR 81331.
The fix has been applied to maintenance versions v21.2.11 and v22.1.1 of CockroachDB.
This public issue is tracked by 81315.
Mitigation
Users of CockroachDB are encouraged to upgrade to a maintenance version with the fix applied: v21.2.11 or v22.1.1.
To avoid this problem on affected versions, users should change any placeholder casts that filter a column in their prepared statements to match the type of the filtered column.
For example, in the prepared statement SELECT * FROM my_tab WHERE a = $1::INT8;, if column a has type DECIMAL, the prepared statement should be changed to SELECT * FROM my_tab WHERE a = $1::DECIMAL; to avoid this issue.
Impact
Versions affected include v21.2.0 to v21.2.10, and v22.1.0-alpha.1 to v22.1.0.
Please reach out to the support team if more information or assistance is needed.
Was this helpful?
