From 1aa0e9c878374287993848ab5b04fe4e762e00d2 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Fri, 11 Apr 2008 22:53:06 +0000
Subject: [PATCH] Fix several datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. While this was okay as far as the datatypes themselves were concerned, it's a problem for the parser because occurrences of the "same" literal might not be recognized as equal by datumIsEqual (and hence not by equal()). It seems sufficient to fix this in the input functions since the only critical use of equal() is in the parser's comparisons of ORDER BY and DISTINCT expressions. Per a trouble report from Marc Cousin. Patch all the way back. Interestingly, array_in did not have the bug before 8.2, which may explain why the issue went unnoticed for so long.
---
 contrib/ltree/ltree_io.c | 9 ++++-----
 src/backend/utils/adt/arrayfuncs.c | 4 ++--
 src/backend/utils/adt/geo_ops.c | 4 +++-
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/contrib/ltree/ltree_io.c b/contrib/ltree/ltree_io.c
index eb22894079c..a3df2a260ad 100644
--- a/contrib/ltree/ltree_io.c
+++ b/contrib/ltree/ltree_io.c
@@ -1,7 +1,7 @@
 /*
 * in/out function for ltree and lquery
 * Teodor Sigaev
- * $PostgreSQL: pgsql/contrib/ltree/ltree_io.c,v 1.13 2006/09/22 21:39:57 tgl Exp $
+ * $PostgreSQL: pgsql/contrib/ltree/ltree_io.c,v 1.13.2.1 2008/04/11 22:53:06 tgl Exp $
 */
 #include "ltree.h"
@@ -118,7 +118,7 @@ ltree_in(PG_FUNCTION_ARGS)
 errmsg("syntax error"),
 errdetail("Unexpected end of line.")));
- result = (ltree *) palloc(LTREE_HDRSIZE + totallen);
+ result = (ltree *) palloc0(LTREE_HDRSIZE + totallen);
 result->len = LTREE_HDRSIZE + totallen;
 result->numlevel = lptr - list;
 curlevel = LTREE_FIRST(result);
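Review bot: The switch to `palloc0` in ltree_in carries no comment, so nothing at the call site tells a later maintainer that the zero fill is required rather than a habit; the same holds for `palloc0(totallen)` in lquery_in and `palloc0(nbytes)` in array_in. I would add above each allocation something like `/* palloc0: unused bytes in the result must be zero so identical literals are bytewise equal (datumIsEqual) */`. path_in already gets a comment of this kind for its `dummy` field. ltree_in starts and ends outside this hunk, so which bytes the fill loop leaves untouched cannot be checked from here.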
@@ -208,8 +208,7 @@ lquery_in(PG_FUNCTION_ARGS)
 }
 num++;
- curqlevel = tmpql = (lquery_level *) palloc(ITEMSIZE * num);
- memset((void *) tmpql, 0, ITEMSIZE * num);
+ curqlevel = tmpql = (lquery_level *) palloc0(ITEMSIZE * num);
 ptr = buf;
 while (*ptr)
 {
@@ -448,7 +447,7 @@ lquery_in(PG_FUNCTION_ARGS)
 curqlevel = NEXTLEV(curqlevel);
 }
- result = (lquery *) palloc(totallen);
+ result = (lquery *) palloc0(totallen);
 result->len = totallen;
 result->numlevel = num;
 result->firstgood = 0;
diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c
index 667335b5ab3..4d328d5ce1e 100644
--- a/src/backend/utils/adt/arrayfuncs.c
+++ b/src/backend/utils/adt/arrayfuncs.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/adt/arrayfuncs.c,v 1.135 2006/11/08 19:24:38 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/arrayfuncs.c,v 1.135.2.1 2008/04/11 22:53:06 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -323,7 +323,7 @@ array_in(PG_FUNCTION_ARGS)
 dataoffset = 0; /* marker for no null bitmap */
 nbytes += ARR_OVERHEAD_NONULLS(ndim);
 }
- retval = (ArrayType *) palloc(nbytes);
+ retval = (ArrayType *) palloc0(nbytes);
 retval->size = nbytes;
 retval->ndim = ndim;
 retval->dataoffset = dataoffset;
diff --git a/src/backend/utils/adt/geo_ops.c b/src/backend/utils/adt/geo_ops.c
index aa6bb25afea..7d06a70c207 100644
--- a/src/backend/utils/adt/geo_ops.c
+++ b/src/backend/utils/adt/geo_ops.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/adt/geo_ops.c,v 1.93.2.1 2007/12/18 00:04:16 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/geo_ops.c,v 1.93.2.2 2008/04/11 22:53:06 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
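Review bot: The allocation size `ITEMSIZE * num` in the first lquery_in hunk is computed with no visible bound on `num`, which this hunk only shows being incremented and which presumably counts levels in the input string. If that product can wrap, `palloc0` would return a buffer smaller than the parse loop below expects to fill. A guard before the allocation, e.g. `if (num > MaxAllocSize / ITEMSIZE) ereport(ERROR, ...);`, would rule that out. The types of `num` and `ITEMSIZE` are defined outside the hunk, so the arithmetic width should be confirmed first.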
@@ -1425,6 +1425,8 @@ path_in(PG_FUNCTION_ARGS)
 errmsg("invalid input syntax for type path: \"%s\"", str)));
 path->closed = (!isopen);
+ /* prevent instability in unused pad bytes */
+ path->dummy = 0;
 PG_RETURN_PATH_P(path);
 }
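Review bot: Zeroing `path->dummy` by hand in path_in only holds while `dummy` is the sole unused region of the struct; padding inserted by the compiler, or a field added later, would again hold whatever the allocator returned. The allocation of `path` is outside this hunk, so I cannot tell whether a zeroing allocation is practical there, but if it is, it would match the `palloc0` fixes elsewhere in this patch. Either way the comment could name the consumer: `/* zero the pad field so identical literals are bytewise equal (datumIsEqual) */`.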