From 859b8dd51a0f4e5b7c9abe749cb83bffa7f11ce2 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Thu, 28 Dec 2006 01:09:01 +0000
Subject: [PATCH] Add a defense to prevent core dumps if 8.2 version of
 rank_cd() is used with the 8.1 SQL function definition for it.  Per report
 from Rajesh Kumar Mallah, such a DBA error doesn't seem at all improbable,
 and the cost of checking for it is not very high compared to the cost of
 running this function.  (It would have been better to change the C name of
 the function so it wouldn't be called by the old SQL definition, but it's too
 late for that now in the 8.2 branch.)

---
 contrib/tsearch2/rank.c       | 18 +++++++++++++++++-
 src/include/catalog/pg_type.h |  3 ++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/contrib/tsearch2/rank.c b/contrib/tsearch2/rank.c
index 7bd5e1adf01..f5de5c7746f 100644
--- a/contrib/tsearch2/rank.c
+++ b/contrib/tsearch2/rank.c
@@ -728,12 +728,28 @@ calc_rank_cd(float4 *arrdata, tsvector * txt, QUERYTYPE * query, int method)
 Datum
 rank_cd(PG_FUNCTION_ARGS)
 {
-	ArrayType  *win = (ArrayType *) PG_DETOAST_DATUM(PG_GETARG_DATUM(0));
+	ArrayType  *win;
 	tsvector   *txt = (tsvector *) PG_DETOAST_DATUM(PG_GETARG_DATUM(1));
 	QUERYTYPE  *query = (QUERYTYPE *) PG_DETOAST_DATUM_COPY(PG_GETARG_DATUM(2));
 	int			method = DEF_NORM_METHOD;
 	float4		res;
 
+	/*
+	 * Pre-8.2, rank_cd took just a plain int as its first argument.
+	 * It was a mistake to keep the same C function name while changing the
+	 * signature, but it's too late to fix that.  Instead, do a runtime test
+	 * to make sure the expected datatype has been passed.  This is needed
+	 * to prevent core dumps if tsearch2 function definitions from an old
+	 * database are loaded into an 8.2 server.
+	 */
+	if (get_fn_expr_argtype(fcinfo->flinfo, 0) != FLOAT4ARRAYOID)
+		ereport(ERROR,
+				(errcode(ERRCODE_INVALID_FUNCTION_DEFINITION),
+				 errmsg("rank_cd() now takes real[] as its first argument, not integer")));
+
+	/* now safe to dereference the first arg */
+	win = (ArrayType *) PG_DETOAST_DATUM(PG_GETARG_DATUM(0));
+
 	if (ARR_NDIM(win) != 1)
 		ereport(ERROR,
 				(errcode(ERRCODE_ARRAY_SUBSCRIPT_ERROR),
diff --git a/src/include/catalog/pg_type.h b/src/include/catalog/pg_type.h
index cb0c0e85746..b704637d433 100644
--- a/src/include/catalog/pg_type.h
+++ b/src/include/catalog/pg_type.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/catalog/pg_type.h,v 1.173 2006/12/21 16:05:15 petere Exp $
+ * $PostgreSQL: pgsql/src/include/catalog/pg_type.h,v 1.174 2006/12/28 01:09:01 tgl Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -422,6 +422,7 @@ DATA(insert OID = 1018 (  _lseg		 PGNSP PGUID -1 f b t \054 0 601 array_in array
 DATA(insert OID = 1019 (  _path		 PGNSP PGUID -1 f b t \054 0 602 array_in array_out array_recv array_send - d x f 0 -1 0 _null_ _null_ ));
 DATA(insert OID = 1020 (  _box		 PGNSP PGUID -1 f b t \073 0 603 array_in array_out array_recv array_send - d x f 0 -1 0 _null_ _null_ ));
 DATA(insert OID = 1021 (  _float4	 PGNSP PGUID -1 f b t \054 0 700 array_in array_out array_recv array_send - i x f 0 -1 0 _null_ _null_ ));
+#define FLOAT4ARRAYOID 1021
 DATA(insert OID = 1022 (  _float8	 PGNSP PGUID -1 f b t \054 0 701 array_in array_out array_recv array_send - d x f 0 -1 0 _null_ _null_ ));
 DATA(insert OID = 1023 (  _abstime	 PGNSP PGUID -1 f b t \054 0 702 array_in array_out array_recv array_send - i x f 0 -1 0 _null_ _null_ ));
 DATA(insert OID = 1024 (  _reltime	 PGNSP PGUID -1 f b t \054 0 703 array_in array_out array_recv array_send - i x f 0 -1 0 _null_ _null_ ));
-- 
GitLab