From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Mark unconditionally-safe implicit coercions as leakproof |
Date: | 2020-07-24 16:17:11 |
Message-ID: | 459322.1595607431@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
I went through the system's built-in implicit coercions to see
which ones are unconditionally successful. These could all be
marked leakproof, as per attached patch. This came up in the
context of the nearby discussion about CASE, but it seems like
an independent improvement. If you have a function f(int8)
that is leakproof, you don't want it to effectively become
non-leakproof when you apply it to an int4 or int2 column.
One that I didn't mark leakproof is rtrim1(), which is the
infrastructure for char(n) to text coercion. It looks like it
actually does qualify right now, but the code is long enough and
complex enough that I think such a marking would be a bit unsafe.
Any objections?
regards, tom lane
Attachment | Content-Type | Size |
---|---|---|
mark-safe-coercions-as-leakproof-1.patch | text/x-diff | 10.0 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2020-07-24 16:21:49 | Re: Missing CFI in hlCover()? |
Previous Message | Andres Freund | 2020-07-24 16:16:33 | Re: Any objections to implementing LogicalDecodeMessageCB for pgoutput? |