| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Don't believe MinMaxExpr is leakproof without checking. |
| Date: | 2019-01-02 21:34:20 |
| Message-ID: | E1geo9c-0006ZC-VT@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Don't believe MinMaxExpr is leakproof without checking.
MinMaxExpr invokes the btree comparison function for its input datatype,
so it's only leakproof if that function is. Many such functions are
indeed leakproof, but others are not, and we should not just assume that
they are. Hence, adjust contain_leaked_vars to verify the leakproofness
of the referenced function explicitly.
I didn't add a regression test because it would need to depend on
some particular comparison function being leaky, and that's a moving
target, per discussion.
This has been wrong all along, so back-patch to supported branches.
Discussion: https://postgr.es/m/31042.1546194242@sss.pgh.pa.us
Branch
------
REL_10_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/64edc788b4a509427eb407b0d8faac75bac5e02b
Modified Files
--------------
src/backend/optimizer/util/clauses.c | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2019-01-03 14:35:14 | pgsql: Update ssl test certificates and keys |
| Previous Message | Peter Eisentraut | 2019-01-02 20:22:31 | pgsql: Switch pg_regress to output unified diffs by default |