| From: | Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Cc: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>, Aleksander Alekseev <aleksander(at)tigerdata(dot)com> |
| Subject: | bytea(uuid) missing proleakproof? |
| Date: | 2026-06-22 03:59:48 |
| Message-ID: | 1FAAF426-9205-4F53-8D3B-F2003D96EC37@gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
While testing "[ba21f5bf8] Allow explicit casting between bytea and uuid", I noticed that the new proc bytea(uuid) is not marked as proleakproof, while the other functions in the group, bytea(int2), bytea(int4), and bytea(int8), are all marked as proleakproof.
Looking into the backend function uuid_bytea(), it just returns uuid_send(fcinfo). For a valid uuid datum, uuid_send() only copies the UUID value into a bytea result, so I don't see an input-dependent error path or other reason not to mark bytea(uuid) as proleakproof.
This matters for security barrier planning, because a qual using uuid::bytea is otherwise treated as leaky and cannot be pushed down. Attached is a tiny patch to fix that.
I didn't mark uuid_send() itself as proleakproof because none of send/receive functions are marked as proleakproof in pg_proc.dat.
Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Mark-uuid-to-bytea-cast-as-leakproof.patch | application/octet-stream | 1.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2026-06-22 04:03:44 | Re: Fix publisher-side sequence permission reporting |
| Previous Message | Amit Kapila | 2026-06-22 03:10:56 | Re: Proposal: Conflict log history table for Logical Replication |