Re: Bug - DoS - Handler function lookups consider non-handler functions

"David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
> create extension tsm_system_rows ;
> create schema s1;
> create function s1.system_rows(internal) returns void language c as
> 'tsm_system_rows.so', 'tsm_system_rows_handler';
> set search_path to s1,public,pg_catalog;
> select count(*) from pg_class tablesample system_rows(0);
> ERROR: function system_rows must return type tsm_handler
> LINE 1: select count(*) from pg_class tablesample system_rows(0);

> The above is a denial-of-service due to our decision to lookup handler
> functions by name regardless of return type and consider it an error if a
> function with the wrong return type shows up (in particular, even though
> one with the correct signature exists and otherwise would have been found).

I do not think this is a bug: it's superuser error. Yeah, it'd be
great if we could prevent people from creating incorrect support
functions, but that'd require solving the halting problem.

> The attached POC fixes this by allowing callers to also specify the OID of
> the handler type as part of their function lookup criteria.

I'm not on board with that at all. The law of unintended consequences
comes into play the moment you start messing with function lookup
rules. And I'm not at all convinced that "ignore it" is an
improvement over "throw an error".

And please, let's stop with the scare tactics of calling this sort
of thing a denial-of-service.

regards, tom lane