Remove typmod checking from the recent security-related patches. It turns

out that ExecEvalVar and friends don't necessarily have access to a tuple descriptor with correct typmod: it definitely can contain -1, and possibly might contain other values that are different from the Var's value. Arguably this should be cleaned up someday, but it's not a simple change, and in any case typmod discrepancies don't pose a security hazard. Per reports from numerous people :-( I'm not entirely sure whether the failure can occur in 8.0 --- the simple test cases reported so far don't trigger it there. But back-patch the change all the way anyway.
2025-05-05 09:19:17 +03:00 · 2007-02-06 17:35:27 +00:00 · 2007-02-06 17:35:27 +00:00 · 8d24b8bd7a
commit 8d24b8bd7a
parent 33623b51b6
2 changed files with 11 additions and 14 deletions
--- a/src/backend/executor/execQual.c
+++ b/src/backend/executor/execQual.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/executor/execQual.c,v 1.199.2.1 2007/02/02 00:07:27 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/executor/execQual.c,v 1.199.2.2 2007/02/06 17:35:27 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -485,8 +485,11 @@ ExecEvalVar(ExprState *exprstate, ExprContext *econtext,
 		 * Note: we allow a reference to a dropped attribute.  slot_getattr
 		 * will force a NULL result in such cases.
 		 *
-		 * Note: we check typmod, but allow the case that the Var has
+		 * Note: ideally we'd check typmod as well as typid, but that seems
-		 * unspecified typmod while the column has a specific typmod.
+		 * impractical at the moment: in many cases the tupdesc will have
 		 * been generated by ExecTypeFromTL(), and that can't guarantee to
 		 * generate an accurate typmod in all cases, because some expression
 		 * node types don't carry typmod.
 		 */
 		if (attnum > 0)
 		{
@ -502,9 +505,7 @@ ExecEvalVar(ExprState *exprstate, ExprContext *econtext,
 			/* can't check type if dropped, since atttypid is probably 0 */
 			if (!attr->attisdropped)
 			{
-				if (variable->vartype != attr->atttypid ||
+				if (variable->vartype != attr->atttypid)
 					(variable->vartypmod != attr->atttypmod &&
 					 variable->vartypmod != -1))
 					ereport(ERROR,
 							(errmsg("attribute %d has wrong type", attnum),
 							 errdetail("Table has type %s, but query expects %s.",
@ -3144,9 +3145,8 @@ ExecEvalFieldSelect(FieldSelectState *fstate,
 	}
 	/* Check for type mismatch --- possible after ALTER COLUMN TYPE? */
-	if (fselect->resulttype != attr->atttypid ||
+	/* As in ExecEvalVar, we should but can't check typmod */
-		(fselect->resulttypmod != attr->atttypmod &&
+	if (fselect->resulttype != attr->atttypid)
 		 fselect->resulttypmod != -1))
 		ereport(ERROR,
 				(errmsg("attribute %d has wrong type", fieldnum),
 				 errdetail("Table has type %s, but query expects %s.",
--- a/src/backend/executor/execUtils.c
+++ b/src/backend/executor/execUtils.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/executor/execUtils.c,v 1.140.2.2 2007/02/02 00:07:28 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/executor/execUtils.c,v 1.140.2.3 2007/02/06 17:35:27 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -632,10 +632,7 @@ ExecBuildProjectionInfo(List *targetList,
 			break;
 		}
 		attr = inputDesc->attrs[variable->varattno - 1];
-		if (attr->attisdropped ||
+		if (attr->attisdropped || variable->vartype != attr->atttypid)
 			variable->vartype != attr->atttypid ||
 			(variable->vartypmod != attr->atttypmod &&
 			 variable->vartypmod != -1))
 		{
 			isVarList = false;
 			break;