| From: | James William Pye <pgsql(at)jwp(dot)name> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Output functions with multiple arguments considered |
| Date: | 2005-04-30 23:26:30 |
| Message-ID: | 1114903590.724.19.camel@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, 2005-04-30 at 16:17 -0400, Tom Lane wrote:
> An example that Elein put up yesterday:
> http://archives.postgresql.org/pgsql-general/2005-04/msg01384.php
> caused me to realize that type output functions that depend on
> additional arguments to determine what they are dealing with are
> fundamentally security holes. It is trivial to crash 8.0's record_out
> by lying to it about the rowtype of its first argument.
I was bitten by this a little while ago where I was running an
OidFunctionCall1(yes, 1) on typoutput's. Andrew on IRC pointed out that
calls to recordout out normally used a FunctionCall3, thus showing the
reason for the issue. Sometimes junk data in the heap signalled the
function to use it instead of the datum tuple's typoid, normally causing
a failed cache lookup. I figured it was somehow my fault, but I just
couldn't put my finger on it.(thanks again Andrew if you're on here)
I imagine this change will also help save others from that mistake as
well.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | elein | 2005-04-30 23:35:35 | Re: Output functions with multiple arguments considered harmful |
| Previous Message | David Fetter | 2005-04-30 21:40:04 | Re: [HACKERS] Increased company involvement |