Commit Graph

22279 Commits

Author SHA1 Message Date
Robert Haas
35f0dccb0d Fix one more incorrect errno definition in the ECPG manual.
Again, back-patch all the way to 7.4.
2010-08-11 19:04:03 +00:00
Robert Haas
19efe0489f Fix incorrect errno definitions in ECPG manual.
ecpgerrno.h hasn't materially changed since PostgreSQL 7.4, so this has
been wrong for a very long time.  Back-patch all the way.

Satoshi Nagayasu
2010-08-11 18:52:52 +00:00
Tom Lane
d0844a851f Fix incorrect logic in plpgsql for cleanup after evaluation of non-simple
expressions.  We need to deal with this when handling subscripts in an array
assignment, and also when catching an exception.  In an Assert-enabled build
these omissions led to Assert failures, but I think in a normal build the
only consequence would be short-term memory leakage; which may explain why
this wasn't reported from the field long ago.

Back-patch to all supported versions.  7.4 doesn't have exceptions, but
otherwise these bugs go all the way back.

Heikki Linnakangas and Tom Lane
2010-08-09 18:50:54 +00:00
Tom Lane
2f7cd4356b Improved version of patch to protect pg_get_expr() against misuse:
look through join alias Vars to avoid breaking join queries, and
move the test to someplace where it will catch more possible ways
of calling a function.  We still ought to throw away the whole thing
in favor of a data-type-based solution, but that's not feasible in
the back branches.

Completion of back-port of my patch of yesterday.
2010-07-30 17:57:18 +00:00
Tom Lane
9e468f94aa Fix another longstanding problem in copy_relation_data: it was blithely
assuming that a local char[] array would be aligned on at least a word
boundary.  There are architectures on which that is pretty much guaranteed to
NOT be the case ... and those arches also don't like non-aligned memory
accesses, meaning that log_newpage() would crash if it ever got invoked.
Even on Intel-ish machines there's a potential for a large performance penalty
from doing I/O to an inadequately aligned buffer.  So palloc it instead.

Backpatch to 8.0 --- 7.4 doesn't have this code.
2010-07-29 19:23:58 +00:00
Robert Haas
76a106f264 Fix possible page corruption by ALTER TABLE .. SET TABLESPACE.
If a zeroed page is present in the heap, ALTER TABLE .. SET TABLESPACE will
set the LSN and TLI while copying it, which is wrong, and heap_xlog_newpage()
will do the same thing during replay, so the corruption propagates to any
standby.  Note, however, that the bug can't be demonstrated unless archiving
is enabled, since in that case we skip WAL logging altogether, and the LSN/TLI
are not set.

Back-patch to 8.0; prior releases do not have tablespaces.

Analysis and patch by Jeff Davis.  Adjustments for back-branches and minor
wordsmithing by me.
2010-07-29 16:15:33 +00:00
Tom Lane
7c294bf761 Fix potential failure when hashing the output of a subplan that produces
a pass-by-reference datatype with a nontrivial projection step.
We were using the same memory context for the projection operation as for
the temporary context used by the hashtable routines in execGrouping.c.
However, the hashtable routines feel free to reset their temp context at
any time, which'd lead to destroying input data that was still needed.
Report and diagnosis by Tao Ma.

Back-patch to 8.1, where the problem was introduced by the changes that
allowed us to work with "virtual" tuples instead of materializing intermediate
tuple values everywhere.  The earlier code looks quite similar, but it doesn't
suffer the problem because the data gets copied into another context as a
result of having to materialize ExecProject's output tuple.
2010-07-28 04:51:27 +00:00
Peter Eisentraut
003c5981c3 Spelling fix 2010-07-27 18:55:01 +00:00
Peter Eisentraut
f6d3301cc8 Fix grammar
backpatched to 8.1
2010-07-26 20:30:07 +00:00
Robert Haas
202c89c9d0 Avoid deep recursion when assigning XIDs to multiple levels of subxacts.
Backpatch to 8.0.

Andres Freund, with cleanup and adjustment for older branches by me.
2010-07-23 00:43:44 +00:00
Heikki Linnakangas
b9ded24614 Oops, in the previous fix to prevent a cursor that's being used in a FOR
loop from being dropped, I missed subtransaction cleanup. Pinned portals
must be dropped at subtransaction cleanup just as they are at main
transaction cleanup.

Per bug #5556 by Robert Walker. Backpatch to 8.0, 7.4 didn't have
subtransactions.
2010-07-13 09:03:01 +00:00
Tom Lane
dae11908e8 Avoid an Assert failure in deconstruct_array() by making get_attstatsslot()
use the actual element type of the array it's disassembling, rather than
trusting the type OID passed in by its caller.  This is needed because
sometimes the planner passes in a type OID that's only binary-compatible
with the target column's type, rather than being an exact match.  Per an
example from Bernd Helmle.

Possibly we should refactor get_attstatsslot/free_attstatsslot to not expect
the caller to supply type ID data at all, but for now I'll just do the
minimum-change fix.

Back-patch to 7.4.  Bernd's test case only crashes back to 8.0, but since
these subroutines are the same in 7.4, I suspect there may be variant
cases that would crash 7.4 as well.
2010-07-09 22:58:12 +00:00
Tom Lane
accabacce9 Fix "cannot handle unplanned sub-select" error that can occur when a
sub-select contains a join alias reference that expands into an expression
containing another sub-select.  Per yesterday's report from Merlin Moncure
and subsequent off-list investigation.

Back-patch to 7.4.  Older versions didn't attempt to flatten sub-selects in
ways that would trigger this problem.
2010-07-08 00:14:28 +00:00
Heikki Linnakangas
9654b60cfc The previous fix in CVS HEAD and 8.4 for handling the case where a cursor
being used in a PL/pgSQL FOR loop is closed was inadequate, as Tom Lane
pointed out. The bug affects FOR statement variants too, because you can
close an implicitly created cursor too by guessing the "<unnamed portal X>"
name created for it.

To fix that, "pin" the portal to prevent it from being dropped while it's
being used in a PL/pgSQL FOR loop. Backpatch all the way to 7.4 which is
the oldest supported version.
2010-07-05 09:27:42 +00:00
Tom Lane
4d242bb56d Fix assorted misstatements and poor wording in the descriptions of the I/O
formats for geometric types.  Per bug #5536 from Jon Strait, and my own
testing.

Back-patch to all supported branches, since this doco has been wrong right
along -- we certainly haven't changed the I/O behavior of these types in
many years.
2010-07-03 04:03:33 +00:00
Robert Haas
b525073970 Allow ALTER TABLE .. SET TABLESPACE to be interrupted.
Backpatch to 8.0, where tablespaces were introduced.

Guillaume Lelarge
2010-07-01 14:11:03 +00:00
Heikki Linnakangas
2c0080aacc stringToNode() and deparse_expression_pretty() crash on invalid input,
but we have nevertheless exposed them to users via pg_get_expr(). It would
be too much maintenance effort to rigorously check the input, so put a hack
in place instead to restrict pg_get_expr() so that the argument must come
from one of the system catalog columns known to contain valid expressions.

Per report from Rushabh Lathia. Backpatch to 7.4 which is the oldest
supported version at the moment.
2010-06-30 18:11:19 +00:00
Tom Lane
7577975515 Fix dblink_build_sql_insert() and related functions to handle dropped
columns correctly.  In passing, get rid of some dead logic in the
underlying get_sql_insert() etc functions --- there is no caller that
will pass null value-arrays to them.

Per bug report from Robert Voinea.
2010-06-15 19:04:45 +00:00
Tom Lane
7a1d80b91c Consolidate and improve checking of key-column-attnum arguments for
dblink_build_sql_insert() and related functions.  In particular, be sure to
reject references to dropped and out-of-range column numbers.  The numbers
are still interpreted as physical column numbers, though, for backward
compatibility.

This patch replaces Joe's patch of 2010-02-03, which handled only some aspects
of the problem.
2010-06-15 16:22:45 +00:00
Tom Lane
c797279ab7 Rearrange dblink's dblink_build_sql_insert() and related routines to open and
lock the target relation just once per SQL function call.  The original coding
obtained and released lock several times per call.  Aside from saving a
not-insignificant number of cycles, this eliminates possible race conditions
if someone tries to modify the relation's schema concurrently.  Also
centralize locking and permission-checking logic.

Problem noted while investigating a trouble report from Robert Voinea --- his
problem is still to be fixed, though.
2010-06-14 20:49:57 +00:00
Itagaki Takahiro
47cf87a147 Fix connection leak in dblink when dblink_connect() or dblink_connect_u()
end with "duplicate connection name" errors.

Backported to release 7.4.
2010-06-09 01:00:13 +00:00
Itagaki Takahiro
ac14ba5f87 Fix dblink to treat connection names longer than NAMEDATALEN-2 (62 bytes).
Now long names are adjusted with truncate_identifier() and NOTICE messages
are raised if names are actually truncated.

Backported to release 8.0.
2010-06-03 09:44:35 +00:00
Tom Lane
dbfa55f73a Change ps_status.c to explicitly track the current logical length of ps_buffer.
This saves cycles in get_ps_display() on many popular platforms, and more
importantly ensures that get_ps_display() will correctly return an empty
string if init_ps_display() hasn't been called yet.  Per trouble report
from Ray Stell, in which log_line_prefix %i produced junk early in backend
startup.

Back-patch to 8.0.  7.4 doesn't have %i and its version of get_ps_display()
makes no pretense of avoiding pad junk anyhow.
2010-05-27 19:20:06 +00:00
Andrew Dunstan
b5285c19eb > Follow up a visit from the style police. 2010-05-17 20:46:20 +00:00
Robert Haas
97d136f9e8 Fix longstanding typo in V1 calling conventions documentation.
Erik Rijkers
2010-05-16 03:56:03 +00:00
Tom Lane
7965fd5b0e Improve documentation of pg_restore's -l and -L switches to point out their
interactions with filtering switches, such as -n and -t.  Per a complaint
from Russell Smith.
2010-05-15 18:11:30 +00:00
Marc G. Fournier
30017daeb4 tag 8.1.21 2010-05-14 03:35:26 +00:00
Tom Lane
6499118a90 Update release notes with security issues.
Security: CVE-2010-1169, CVE-2010-1170
2010-05-13 21:27:29 +00:00
Tom Lane
b67abe3db8 Use an entity instead of non-ASCII letter. Thom Brown 2010-05-13 19:16:38 +00:00
Tom Lane
a921879053 Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless
that is a regular table or view owned by a superuser.  This prevents a
trojan horse attack whereby any unprivileged SQL user could create such a
table and insert code into it that would then get executed in other users'
sessions whenever they call pltcl functions.

Worse yet, because the code was automatically loaded into both the "normal"
and "safe" interpreters at first use, the attacker could execute unrestricted
Tcl code in the "normal" interpreter without there being any pltclu functions
anywhere, or indeed anyone else using pltcl at all: installing pltcl is
sufficient to open the hole.  Change the initialization logic so that the
"unknown" code is only loaded into an interpreter when the interpreter is
first really used.  (That doesn't add any additional security in this
particular context, but it seems a prudent change, and anyway the former
behavior violated the principle of least astonishment.)

Security: CVE-2010-1170
2010-05-13 18:29:37 +00:00
Andrew Dunstan
68e621bfa4 Abandon the use of Perl's Safe.pm to enforce restrictions in plperl, as it is
fundamentally insecure. Instead apply an opmask to the whole interpreter that
imposes restrictions on unsafe operations. These restrictions are much harder
to subvert than is Safe.pm, since there is no container to be broken out of.
Backported to release 7.4.

In releases 7.4, 8.0 and 8.1 this also includes the necessary backporting of
the two interpreters model for plperl and plperlu adopted in release 8.2.

In versions 8.0 and up, the use of Perl's POSIX module to undo its locale
mangling on Windows has become insecure with these changes, so it is
replaced by our own routine, which is also faster.

Nice side effects of the changes include that it is now possible to use perl's
"strict" pragma in a natural way in plperl, and that perl's $a and
$b variables now work as expected in sort routines, and that function
compilation is significantly faster.

Tim Bunce and Andrew Dunstan, with reviews from Alex Hunsaker and
Alexey Klyukin.

Security: CVE-2010-1169
2010-05-13 16:43:41 +00:00
Peter Eisentraut
ffba89a9bb Translation update 2010-05-13 07:22:03 +00:00
Tom Lane
a65beefa7c Preliminary release notes for releases 8.4.4, 8.3.11, 8.2.17, 8.1.21, 8.0.25,
7.4.29.
2010-05-12 23:27:51 +00:00
Tom Lane
68083ef9d1 Update time zone data files to tzdata release 2010j: DST law changes in
Argentina, Australian Antarctic, Bangladesh, Mexico, Morocco, Pakistan,
Palestine, Russia, Syria, Tunisia.  Historical corrections for Taiwan.
2010-05-11 23:01:56 +00:00
Tom Lane
7e84802ce5 Work around a subtle portability problem in use of printf %s format.
Depending on which spec you read, field widths and precisions in %s may be
counted either in bytes or characters.  Our code was assuming bytes, which
is wrong at least for glibc's implementation, and in any case libc might
have a different idea of the prevailing encoding than we do.  Hence, for
portable results we must avoid using anything more complex than just "%s"
unless the string to be printed is known to be all-ASCII.

This patch fixes the cases I could find, including the psql formatting
failure reported by Hernan Gonzalez.  In HEAD only, I also added comments
to some places where it appears safe to continue using "%.*s".
2010-05-08 16:40:38 +00:00
Tom Lane
ddcba86256 Fix psql to not go into infinite recursion when expanding a variable that
refers to itself (directly or indirectly).  Instead, print a message when
recursion is detected, and don't expand the repeated reference.  Per bug
#5448 from Francis Markham.

Back-patch to 8.0.  Although the issue exists in 7.4 as well, it seems
impractical to fix there because of the lack of any state stack that
could be used to track active expansions.
2010-05-05 22:19:24 +00:00
Tom Lane
fbd2fbed0c Fix backpatching error in recent patch for ALTER USER f RESET ALL behavior.
The argument list for array_set() changed in 8.2 (in connection with allowing
nulls in arrays) but the newer argument list was used in the patches applied
to 8.1 and 8.0 branches.  The patch for 7.4 was OK though.  Per compiler
warnings.
2010-05-05 02:55:04 +00:00
Tom Lane
6666e76344 Add code to InternalIpcMemoryCreate() to handle the case where shmget()
returns EINVAL for an existing shared memory segment.  Although it's not
terribly sensible, that behavior does meet the POSIX spec because EINVAL
is the appropriate error code when the existing segment is smaller than the
requested size, and the spec explicitly disclaims any particular ordering of
error checks.  Moreover, it does in fact happen on OS X and probably other
BSD-derived kernels.  (We were able to talk NetBSD into changing their code,
but purging that behavior from the wild completely seems unlikely to happen.)
We need to distinguish collision with a pre-existing segment from invalid size
request in order to behave sensibly, so it's worth some extra code here to get
it right.  Per report from Gavin Kistner and subsequent investigation.

Back-patch to all supported versions, since any of them could get used
with a kernel having the debatable behavior.
2010-05-01 22:47:00 +00:00
Tom Lane
d130025aa9 Fix multiple memory leaks in PLy_spi_execute_fetch_result: it would leak
memory if the result had zero rows, and also if there was any sort of error
while converting the result tuples into Python data.  Reported and partially
fixed by Andres Freund.

Back-patch to all supported versions.  Note: I haven't tested the 7.4 fix.
7.4's configure check for python is so obsolete it doesn't work on my
current machines :-(.  The logic change is pretty straightforward though.
2010-04-30 19:16:10 +00:00
Peter Eisentraut
2c862fbf23 IP port -> TCP port
backpatched to 8.1, where this first appeared
2010-04-15 20:45:40 +00:00
Andrew Dunstan
0783d492f0 Sync perl's ppport.h on all branches back to 7.4 with recent update on HEAD, ensuring we can build older branches with modern Perl installations. 2010-04-03 17:54:50 +00:00
Tom Lane
c383ff4ca1 Ensure that contrib/pgstattuple functions respond to cancel interrupts
reasonably promptly, by adding CHECK_FOR_INTERRUPTS in the per-page loops.

Tatsuhito Kasahara
2010-04-02 16:17:18 +00:00
Alvaro Herrera
03ecb57737 Prevent ALTER USER f RESET ALL from removing the settings that were put there
by a superuser -- "ALTER USER f RESET setting" already disallows removing such a
setting.

Apply the same treatment to ALTER DATABASE d RESET ALL when run by a database
owner that's not superuser.
2010-03-25 14:45:36 +00:00
Tom Lane
40db749c70 Clear error_context_stack and debug_query_string at the beginning of proc_exit,
so that we won't try to attach any context printouts to messages that get
emitted while exiting.  Per report from Dennis Koegel, the context functions
won't necessarily work after we've started shutting down the backend, and it
seems possible that debug_query_string could be pointing at freed storage
as well.  The context information doesn't seem particularly relevant to
such messages anyway, so there's little lost by suppressing it.

Back-patch to all supported branches.  I can only demonstrate a crash with
log_disconnections messages back to 8.1, but the risk seems real in 8.0 and
before anyway.
2010-03-20 00:58:32 +00:00
Magnus Hagander
dbaaca266a Typo fixes.
Fujii Masao
2010-03-17 18:04:14 +00:00
Marc G. Fournier
53690dce27 tag 8.1.20 2010-03-12 03:51:21 +00:00
Tom Lane
e6bef1156a Preliminary release notes for releases 8.4.3, 8.3.10, 8.2.16, 8.1.20, 8.0.24,
7.4.28.
2010-03-10 01:59:02 +00:00
Tom Lane
a38c09f43d Use SvROK(sv) rather than directly checking SvTYPE(sv) == SVt_RV in plperl.
The latter is considered unwarranted chumminess with the implementation,
and can lead to crashes with recent Perl versions.

Report and fix by Tim Bunce.  Back-patch to all versions containing the
questionable coding pattern.
2010-03-09 22:35:16 +00:00
Alvaro Herrera
22ae430efb Update time zone data files to tzdata release 2010d: DST law changes in Fiji,
Samoa, Chile; corrections to recent changes in Paraguay and Bangladesh.
2010-03-09 14:31:32 +00:00
Magnus Hagander
b2dfc2ff10 Add missing space in example.
Tim Landscheidt
2010-03-08 12:39:29 +00:00