From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Subject: | Re: Leakproofness of texteq()/textne() |
Date: | 2019-09-16 04:24:44 |
Message-ID: | 11842.1568607884@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> On Thu, Sep 12, 2019 at 5:19 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> However, if there is some character C that makes ICU misbehave like
>>> that, we are going to have problems with indexing strings containing C,
>>> whether we think varstr_cmp is leaky or not. So I'm not sure that
>>> focusing our attention on leakiness is a helpful way to proceed.
>> That seems like a compelling argument to me.
> Agreed.
So it seems that the consensus is that it's okay to mark these
functions leakproof, because if any of the errors they throw
are truly reachable for other than data-corruption reasons,
we would wish to try to prevent such errors. (Maybe through
upstream validity checks? Hard to say how we'd do it exactly,
when we don't have an idea what the problem is.)
My inclination is to do the proleakproof changes in HEAD, but
not touch v12. The inconsistency in leakproof markings in v12
is annoying but it's not a regression or security hazard, so
I'm thinking it's not worth a late catversion bump to fix.
Thoughts?
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | nilsocket | 2019-09-16 05:41:31 | |
Previous Message | Stephen Frost | 2019-09-16 02:04:40 | Re: Leakproofness of texteq()/textne() |