Re: Question concerning backport of CVE-2022-2625

From: Roberto C(dot) Sánchez <roberto(at)debian(dot)org>
To: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Question concerning backport of CVE-2022-2625
Date: 2022-11-23 18:35:27
Message-ID: Y35n73xn3BsBUGw2@connexer.com
Lists: pgsql-hackers

Hi Tom,

On Sun, Nov 20, 2022 at 11:43:41AM -0500, Tom Lane wrote:
>
> It'd likely be a good idea to reproduce this with a gdb breakpoint
> set at errfinish, and see exactly what's leading up to the error.
>
So, I did as you suggested. The top few frames of the backtrace were:

#0 errfinish (dummy=0)
at /build/postgresql-9.4-9.4.26/build/../src/backend/utils/error/elog.c:419
#1 0x00005563cc733f25 in recordDependencyOnCurrentExtension (
object=object(at)entry=0x7ffcfc649310, isReplace=isReplace(at)entry=1 '\001')
at /build/postgresql-9.4-9.4.26/build/../src/backend/catalog/pg_depend.c:184
#2 0x00005563cc735b72 in makeOperatorDependencies (tuple=0x5563cd10aaa8)
at /build/postgresql-9.4-9.4.26/build/../src/backend/catalog/pg_operator.c:862

The code at pg_depend.c:184 came directly from the CVE-2022-2625 commit,
5919bb5a5989cda232ac3d1f8b9d90f337be2077. However, when I looked at
pg_operator.c:862 I saw that I had had to omit the following change in
backporting to 9.4:

/* Dependency on extension */
- recordDependencyOnCurrentExtension(&myself, true);
+ recordDependencyOnCurrentExtension(&myself, isUpdate);
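Review bot: the backtrace above shows this call reaching errfinish with isReplace=1 from makeOperatorDependencies(), so the old unconditional `true` argument makes every operator creation look like a replacement to the check added at pg_depend.c:184; the `+` line fixes that only if makeOperatorDependencies() actually has an `isUpdate` parameter to pass, which in 9.4 it does not, so the hunk cannot be applied verbatim without first adding that parameter and passing the correct value from OperatorCreate().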

The reason is that the function makeOperatorDependencies() does not have
the parameter isUpdate in 9.4. I found that the parameter was
introduced in 0dab5ef39b3d9d86e45bbbb2f6ea60b4f5517d9a, which fixed a
problem with the ALTER OPERATOR command, but which also seems to bring
some structural changes as well and it wasn't clear they would be
particularly beneficial in resolving the issue.

In the end, what I settled on was a minor change to pg_operator.c to add
the isUpdate parameter to the signature of makeOperatorDependencies(),
along with updates to the invocations of makeOperatorDependencies() so
that when it is invoked in OperatorCreate() the parameter is passed in.
After that I was able to include the change I had originally omitted and
all the tests passed as written (with appropriate adjustments for
commands that did not support CINE in 9.4).

Thanks again for the suggestion of where to look for the failure!

Regards,

-Roberto

--
Roberto C. Sánchez
