Skip site navigation (1) Skip section navigation (2)

pgsql: stringToNode() and deparse_expression_pretty() crash on invalid

From: heikki(at)postgresql(dot)org (Heikki Linnakangas)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: stringToNode() and deparse_expression_pretty() crash on invalid
Date: 2010-06-30 18:11:32
Message-ID: 20100630181132.2B31B7541D4@cvs.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-committers
Log Message:
-----------
stringToNode() and deparse_expression_pretty() crash on invalid input,
but we have nevertheless exposed them to users via pg_get_expr(). It would
be too much maintenance effort to rigorously check the input, so put a hack
in place instead to restrict pg_get_expr() so that the argument must come
from one of the system catalog columns known to contain valid expressions.

Per report from Rushabh Lathia. Backpatch to 7.4 which is the oldest
supported version at the moment.

Tags:
----
REL8_0_STABLE

Modified Files:
--------------
    pgsql/src/backend/parser:
        parse_expr.c (r1.179.4.3 -> r1.179.4.4)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/parser/parse_expr.c?r1=1.179.4.3&r2=1.179.4.4)
    pgsql/src/backend/tcop:
        fastpath.c (r1.77.4.1 -> r1.77.4.2)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/tcop/fastpath.c?r1=1.77.4.1&r2=1.77.4.2)
    pgsql/src/include/catalog:
        pg_constraint.h (r1.14 -> r1.14.4.1)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_constraint.h?r1=1.14&r2=1.14.4.1)

pgsql-committers by date

Next:From: Heikki LinnakangasDate: 2010-06-30 18:11:43
Subject: pgsql: stringToNode() and deparse_expression_pretty() crash on invalid
Previous:From: Heikki LinnakangasDate: 2010-06-30 18:11:19
Subject: pgsql: stringToNode() and deparse_expression_pretty() crash on invalid

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group