1
0
mirror of https://github.com/postgres/postgres.git synced 2025-05-26 18:17:33 +03:00

21968 Commits

Author SHA1 Message Date
Tom Lane
987b0664fb Fix elog.c to avoid infinite recursion (leading to backend crash) when
log_min_error_statement is active and there is some problem in logging the
current query string; for example, that it's too long to include in the log
message without running out of memory.  This problem has existed since the
log_min_error_statement feature was introduced.  No doubt the reason it
wasn't detected long ago is that 8.2 is the first release that defaults
log_min_error_statement to less than PANIC level.
Per report from Bill Moran.
2007-07-21 22:12:17 +00:00
Tom Lane
6d8afdee00 Fix WAL replay of truncate operations to cope with the possibility that the
truncated relation was deleted later in the WAL sequence.  Since replay
normally auto-creates a relation upon its first reference by a WAL log entry,
failure is seen only if the truncate entry happens to be the first reference
after the checkpoint we're restarting from; which is a pretty unusual case but
of course not impossible.  Fix by making truncate entries auto-create like
the other ones do.  Per report and test case from Dharmendra Goyal.
2007-07-20 16:30:05 +00:00
Tom Lane
a0b2bb8ced Make replace(), split_part(), and string_to_array() behave somewhat sanely
when handed an invalidly-encoded pattern.  The previous coding could get
into an infinite loop if pg_mb2wchar_with_len() returned a zero-length
string after we'd tested for nonempty pattern; which is exactly what it
will do if the string consists only of an incomplete multibyte character.
This led to either an out-of-memory error or a backend crash depending
on platform.  Per report from Wiktor Wodecki.
2007-07-19 20:34:34 +00:00
Andrew Dunstan
fbbc0f05f1 Only use the pipe chunking protocol if we know the syslogger should
be catching stderr output, and we are not ourselves the
syslogger. Otherwise, go directly to stderr.
Bug noticed by Tom Lane.
Backpatch as far as 8.0.
2007-07-19 19:14:54 +00:00
Tom Lane
429870e33e Fix an old thinko in SS_make_initplan_from_plan, which is used when optimizing
a MIN or MAX aggregate call into an indexscan: the initplan is being made at
the current query nesting level and so we shouldn't increment query_level.
Though usually harmless, this mistake could lead to bogus "plan should not
reference subplan's variable" failures on complex queries.  Per bug report
from David Sanchez i Gregori.
2007-07-18 21:41:22 +00:00
Tom Lane
b1def736b0 Fix incorrect optimization of foreign-key checks. When an UPDATE on the
referencing table does not change the tuple's FK column(s), we don't bother
to check the PK table since the constraint was presumably already valid.
However, the check is still necessary if the tuple was inserted by our own
transaction, since in that case the INSERT trigger will conclude it need not
make the check (since its version of the tuple has been deleted).  We got this
right for simple cases, but not when the insert and update are in different
subtransactions of the current top-level transaction; in such cases the FK
check would never be made at all.  (Hence, problem dates back to 8.0 when
subtransactions were added --- it's actually the subtransaction version of a
bug fixed in 7.3.5.)  Fix, and add regression test cases.  Report and fix by
Affan Salman.
2007-07-17 17:45:48 +00:00
Tom Lane
0f254ea39c Fix outfuncs.c to dump A_Const nodes representing NULLs correctly. This has
been broken since forever, but was not noticed because people seldom look
at raw parse trees.  AFAIK, no impact on users except that debug_print_parse
might fail; but patch it all the way back anyway.  Per report from Jeff Ross.
2007-07-17 01:22:03 +00:00
Joe Conway
7ff65db8b0 Restrict non-superusers to password authenticated connections
to prevent possible escalation of privilege. Provide new SECURITY
DEFINER functions with old behavior, but initially REVOKE ALL
from public for these functions. Per list discussion and design
proposed by Tom Lane.
2007-07-09 01:32:44 +00:00
Tom Lane
4ceaf35ff3 Remove the pgstat_drop_relation() call from smgr_internal_unlink(), because
we don't know at that point which relation OID to tell pgstat to forget.
The code was passing the relfilenode, which is incorrect, and could possibly
cause some other relation's stats to be zeroed out.  While we could try to
clean this up, it seems much simpler and more reliable to let the next
invocation of pgstat_vacuum_tabstat() fix things; which indeed is how it
worked before I introduced the buggy code into 8.1.3 and later :-(.
Problem noticed by Itagaki Takahiro, fix is per subsequent discussion.
2007-07-08 22:23:32 +00:00
Tom Lane
5d798ba82f Fix failure to restart Postgres when Linux kernel returns EIDRM for shmctl().
This is a Linux kernel bug that apparently exists in every extant kernel
version: sometimes shmctl() will fail with EIDRM when EINVAL is correct.
We were assuming that EIDRM indicates a possible conflict with pre-existing
backends, and refusing to start the postmaster when this happens.  Fortunately,
there does not seem to be any case where Linux can legitimately return EIDRM
(it doesn't track shmem segments in a way that would allow that), so we can
get away with just assuming that EIDRM means EINVAL on this platform.

Per reports from Michael Fuhr and Jon Lapham --- it's a bit surprising
we have not seen more reports, actually.
2007-07-02 20:12:05 +00:00
Tom Lane
2fc2402566 Fix a passel of ancient bugs in to_char(), including two distinct buffer
overruns (neither of which seem likely to be exploitable as security holes,
fortunately, since the provoker can't control the data written).  One of
these is due to choosing to stomp on the output of a called function, which
is bad news in any case; make it treat the called functions' results as
read-only.  Avoid some unnecessary palloc/pfree traffic too; it's not
really helpful to free small temporary objects, and again this is presuming
more than it ought to about the nature of the results of called functions.
Per report from Patrick Welche and additional code-reading by Imad.
2007-06-29 01:51:56 +00:00
Tom Lane
ed368c1b8e Fix incorrect tests for undef Perl values in some places in plperl.c.
The correct test for defined-ness is SvOK(sv), not anything involving
SvTYPE.  Per bug #3415 from Matt Taylor.
Back-patch as far as 8.0; no apparent problem in 7.x.
2007-06-28 17:50:17 +00:00
Tom Lane
12b9a64ccc transformColumnDefinition failed to complain about
create table foo (bar int default null default 3);
due to not thinking about the special-case handling of DEFAULT NULL.
Problem noticed while investigating bug #3396.
2007-06-20 18:21:15 +00:00
Tom Lane
f5bfaf9546 CREATE DOMAIN ... DEFAULT NULL failed because gram.y special-cases DEFAULT
NULL and DefineDomain didn't.  Bug goes all the way back to original coding
of domains.  Per bug #3396 from Sergey Burladyan.
2007-06-20 18:16:04 +00:00
Tom Lane
838e286247 Back-patch 8.2 fix that complains if trying to extend a relation encounters
a buffer containing a non-zeroed page.  This seems appropriate now that the
8.2 fix has been seen to save at least one user from data loss due to a
buggy kernel (per report from Jaime Silvela 7-May-07).  I'd go further
back than 8.1, except that the 8.0-to-8.1 bufmgr changes are large
enough that the patch doesn't work immediately; I'm hesitant to make a
change without more extensive analysis than I have time for now.
2007-06-18 01:14:08 +00:00
Alvaro Herrera
7cf20db3e5 Avoid having autovacuum run multiple ANALYZE commands in a single transaction,
to prevent possible deadlock problems.  Per request from Tom Lane.
2007-06-14 13:54:40 +00:00
Andrew Dunstan
1103beb52a Implement a chunking protocol for writes to the syslogger pipe, with messages
reassembled in the syslogger before writing to the log file. This prevents
partial messages from being written, which mucks up log rotation, and
messages from different backends being interleaved, which causes garbled
logs. Backport as far as 8.0, where the syslogger was introduced.

Tom Lane and Andrew Dunstan
2007-06-14 01:50:14 +00:00
Tom Lane
09bb362087 Allow numeric_fac() to be interrupted, since it can take quite a while for
large inputs.  Also cause it to error out immediately if the result will
overflow, instead of grinding through a lot of calculation first.
Per gripe from Jim Nasby.
2007-06-09 15:52:47 +00:00
Alvaro Herrera
bac7d7b53b Avoid losing track of data for shared tables in pgstats. Report by Michael
Fuhr, patch from Tom Lane after a messier suggestion by me.
2007-06-07 19:07:11 +00:00
Tom Lane
5e25d43893 Fix array_dims() example to be consistent with the data previously shown.
Christian Rossow
2007-06-07 14:50:07 +00:00
Magnus Hagander
86c68fd0b2 Oops. Patch didn't work properly for 8.1, so don't backpatch a then-unused
variable either.
2007-06-04 13:48:29 +00:00
Magnus Hagander
ca82953745 On win32, retry reading when WSARecv returns WSAEWOULDBLOCK. There seem
to be cases when at least Windows 2000 can do this even though select
just indicated that the socket is readable.

Per report and analysis from Cyril VELTER.
2007-06-04 13:39:34 +00:00
Magnus Hagander
cec960f2e3 On win32, don't use SO_REUSEADDR for TCP sockets.
Per failure on buildfarm member baiji and subsequent discussion.
2007-06-04 11:59:34 +00:00
Tom Lane
27918376f0 Fix erroneous error reporting for overlength input in text_date(),
text_time(), and text_timetz().  7.4-vintage bug found by Greg Stark.
2007-06-02 16:41:23 +00:00
Tom Lane
dc9b57fcc8 Fix aboriginal bug in BufFileDumpBuffer that would cause it to write the
wrong data when dumping a bufferload that crosses a component-file boundary.
This probably has not been seen in the wild because (a) component files are
normally 1GB apiece and (b) non-block-aligned buffer usage is relatively
rare.  But it's fairly easy to reproduce a problem if one reduces RELSEG_SIZE
in a test build.  Kudos to Kurt Harriman for spotting the bug.
2007-06-01 23:43:23 +00:00
Tom Lane
38bbcb3888 Fix performance problems in multi-batch hash joins by ensuring that we select
a well-randomized batch number even when given a poorly-randomized hash value.
This is a bit inefficient but seems the only practical solution given the
constraint that we can't change the hash functions in released branches.
Per report from Joseph Shraibman.

Applied to 8.1 and 8.2 only --- HEAD is getting a cleaner fix, and 8.0 and
before use different coding that seems less vulnerable.
2007-06-01 15:58:09 +00:00
Tom Lane
4c2158bf0c Fix overly-strict sanity check in BeginInternalSubTransaction that made it
fail when used in a deferred trigger.  Bug goes back to 8.0; no doubt the
reason it hadn't been noticed is that we've been discouraging use of
user-defined constraint triggers.  Per report from Frank van Vugt.
2007-05-30 21:01:53 +00:00
Neil Conway
21b8d51de6 Fix a bug in input processing for the "interval" type. Previously,
"microsecond" and "millisecond" units were not considered valid input
by themselves, which caused inputs like "1 millisecond" to be rejected
erroneously.

Update the docs, add regression tests, and backport to 8.2 and 8.1
2007-05-29 04:59:44 +00:00
Tom Lane
9ccf784833 Fix best_inner_indexscan to return both the cheapest-total-cost and
cheapest-startup-cost innerjoin indexscans, and make joinpath.c consider
both of these (when different) as the inside of a nestloop join.  The
original design was based on the assumption that indexscan paths always
have negligible startup cost, and so total cost is the only important
figure of merit; an assumption that's obviously broken by bitmap
indexscans.  This oversight could lead to choosing poor plans in cases
where fast-start behavior is more important than total cost, such as
LIMIT and IN queries.  8.1-vintage brain fade exposed by an example from
Chuck D.
2007-05-22 01:40:53 +00:00
Peter Eisentraut
3c49269b90 Fix spurious German index entry 2007-05-21 15:09:46 +00:00
Michael Meskes
7b5d257ee1 Removed errant ISODOW 2007-05-21 14:57:16 +00:00
Michael Meskes
287671749c Backported fix from HEAD that removes superfluous function Vista has a problem with 2007-05-21 07:12:51 +00:00
Tom Lane
2df0eb1d57 Remove redundant logging of send failures when SSL is in use. While pqcomm.c
had been taught not to do that ages ago, the SSL code was helpfully bleating
anyway.  Resolves some recent reports such as bug #3266; however the
underlying cause of the related bug #2829 is still unclear.
2007-05-18 01:20:33 +00:00
Alvaro Herrera
cac0d6922f Avoid emitting empty role names in the GRANTED BY clause of GRANT ROLE
when the grantor has been dropped.  This is a workaround for the fact
that we don't track the grantor as a shared dependency.
2007-05-15 20:20:29 +00:00
Magnus Hagander
6a94e76e47 Document that CLUSTER breaks MVCC visibility rules.
(Not needed in cvs head, because CLUSTER itself is fixed there)

Heikki Linnakangas
2007-05-13 16:04:35 +00:00
Tom Lane
5bdefc83a8 Fix a thinko in my patch of a couple months ago for bug #3116: it did the
wrong thing when inlining polymorphic SQL functions, because it was using the
function's declared return type where it should have used the actual result
type of the current call.  In 8.1 and 8.2 this causes obvious failures even if
you don't have assertions turned on; in 8.0 and 7.4 it would only be a problem
if the inlined expression were used as an input to a function that did
run-time type determination on its inputs.  Add a regression test, since this
is evidently an under-tested area.
2007-05-01 18:54:09 +00:00
Michael Meskes
56680bae08 Removed non-existant function from extern.h 2007-04-27 07:55:28 +00:00
Michael Meskes
72e6a18813 Inlined two functions to get rid of va_list prolems on some archs. 2007-04-27 06:58:24 +00:00
Tom Lane
ca27e5ec4c Fix dynahash.c to suppress hash bucket splits while a hash_seq_search() scan
is in progress on the same hashtable.  This seems the least invasive way to
fix the recently-recognized problem that a split could cause the scan to
visit entries twice or (with much lower probability) miss them entirely.
The only field-reported problem caused by this is the "failed to re-find
shared lock object" PANIC in COMMIT PREPARED reported by Michel Dorochevsky,
which was caused by multiply visited entries.  However, it seems certain
that mdsync() is vulnerable to missing required fsync's due to missed
entries, and I am fearful that RelationCacheInitializePhase2() might be at
risk as well.  Because of that and the generalized hazard presented by this
bug, back-patch all the supported branches.

Along the way, fix pg_prepared_statement() and pg_cursor() to not assume
that the hashtables they are examining will stay static between calls.
This is risky regardless of the newly noted dynahash problem, because
hash_seq_search() has never promised to cope with deletion of table entries
other than the just-returned one.  There may be no bug here because the only
supported way to call these functions is via ExecMakeTableFunctionResult()
which will cycle them to completion before doing anything very interesting,
but it seems best to get rid of the assumption.  This affects 8.2 and HEAD
only, since those functions weren't there earlier.
2007-04-26 23:25:09 +00:00
Neil Conway
a99381619e Fix newly-introduced documentation typo. 2007-04-23 16:52:58 +00:00
PostgreSQL Daemon
2bf97c9c4a Update configure.in for release
Security: hold for release
REL8_1_9
2007-04-20 03:32:59 +00:00
Tom Lane
d8f365365b Fix markup.
Security: CVE-2007-2138
2007-04-20 03:27:43 +00:00
Tom Lane
fc52d13ca6 Support explicit placement of the temporary-table schema within search_path.
This is needed to allow a security-definer function to set a truly secure
value of search_path.  Without it, a malicious user can use temporary objects
to execute code with the privileges of the security-definer function.  Even
pushing the temp schema to the back of the search path is not quite good
enough, because a function or operator at the back of the path might still
capture control from one nearer the front due to having a more exact datatype
match.  Hence, disable searching the temp schema altogether for functions and
operators.

Security: CVE-2007-2138
2007-04-20 02:38:05 +00:00
Tom Lane
2a1b76f046 Sync timezone data with 2007e zic release. 2007-04-19 22:44:44 +00:00
Tom Lane
d184462ae0 Repair PANIC condition in hash indexes when a previous index extension attempt
failed (due to lock conflicts or out-of-space).  We might have already
extended the index's filesystem EOF before failing, causing the EOF to be
beyond what the metapage says is the last used page.  Hence the invariant
maintained by the code needs to be "EOF is at or beyond last used page",
not "EOF is exactly the last used page".  Problem was created by my patch
of 2006-11-19 that attempted to repair bug #2737.  Since that was
back-patched to 7.4, this needs to be as well.  Per report and test case
from Vlastimil Krejcir.
2007-04-19 20:24:18 +00:00
Bruce Momjian
9e7ea85984 Release wording updates for releases 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19. 2007-04-19 13:02:30 +00:00
Bruce Momjian
6f4baccdb1 Update FAQ to mention most recent release for releases
8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19.
2007-04-19 04:04:50 +00:00
Bruce Momjian
4938f2d6c0 Stamp releases 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19. 2007-04-19 03:06:50 +00:00
Bruce Momjian
05465579c3 Release note updates for 8.2.4, 8.1.9, 8.0.13, 7.4.17, 7.3.19. 2007-04-19 02:47:17 +00:00
Peter Eisentraut
0f96720312 Translation updates 2007-04-18 20:45:10 +00:00