Skip to content
Snippets Groups Projects
  1. Apr 18, 2014
    • Peter Eisentraut's avatar
      Create function prototype as part of PG_FUNCTION_INFO_V1 macro · e7128e8d
      Peter Eisentraut authored
      Because of gcc -Wmissing-prototypes, all functions in dynamically
      loadable modules must have a separate prototype declaration.  This is
      meant to detect global functions that are not declared in header files,
      but in cases where the function is called via dfmgr, this is redundant.
      Besides filling up space with boilerplate, this is a frequent source of
      compiler warnings in extension modules.
      
      We can fix that by creating the function prototype as part of the
      PG_FUNCTION_INFO_V1 macro, which such modules have to use anyway.  That
      makes the code of modules cleaner, because there is one less place where
      the entry points have to be listed, and creates an additional check that
      functions have the right prototype.
      
      Remove now redundant prototypes from contrib and other modules.
      e7128e8d
  2. Feb 17, 2014
    • Noah Misch's avatar
      Predict integer overflow to avoid buffer overruns. · 31400a67
      Noah Misch authored
      Several functions, mostly type input functions, calculated an allocation
      size such that the calculation wrapped to a small positive value when
      arguments implied a sufficiently-large requirement.  Writes past the end
      of the inadvertent small allocation followed shortly thereafter.
      Coverity identified the path_in() vulnerability; code inspection led to
      the rest.  In passing, add check_stack_depth() to prevent stack overflow
      in related functions.
      
      Back-patch to 8.4 (all supported versions).  The non-comment hstore
      changes touch code that did not exist in 8.4, so that part stops at 9.0.
      
      Noah Misch and Heikki Linnakangas, reviewed by Tom Lane.
      
      Security: CVE-2014-0064
      31400a67
  3. Nov 10, 2013
  4. Sep 07, 2013
  5. Jul 16, 2012
    • Peter Eisentraut's avatar
      Remove unreachable code · dd16f948
      Peter Eisentraut authored
      The Solaris Studio compiler warns about these instances, unlike more
      mainstream compilers such as gcc.  But manual inspection showed that
      the code is clearly not reachable, and we hope no worthy compiler will
      complain about removing this code.
      dd16f948
  6. Jul 05, 2012
  7. Jun 25, 2012
    • Peter Eisentraut's avatar
      Replace int2/int4 in C code with int16/int32 · b8b2e3b2
      Peter Eisentraut authored
      The latter was already the dominant use, and it's preferable because
      in C the convention is that intXX means XX bits.  Therefore, allowing
      mixed use of int2, int4, int8, int16, int32 is obviously confusing.
      
      Remove the typedefs for int2 and int4 for now.  They don't seem to be
      widely used outside of the PostgreSQL source tree, and the few uses
      can probably be cleaned up by the time this ships.
      b8b2e3b2
  8. Feb 28, 2012
  9. Feb 17, 2012
    • Tom Lane's avatar
      Fix longstanding error in contrib/intarray's int[] & int[] operator. · 06d9afa6
      Tom Lane authored
      The array intersection code would give wrong results if the first entry of
      the correct output array would be "1".  (I think only this value could be
      at risk, since the previous word would always be a lower-bound entry with
      that fixed value.)
      
      Problem spotted by Julien Rouhaud, initial patch by Guillaume Lelarge,
      cosmetic improvements by me.
      06d9afa6
  10. Oct 12, 2011
    • Tom Lane's avatar
      Throw a useful error message if an extension script file is fed to psql. · 458857cc
      Tom Lane authored
      We have seen one too many reports of people trying to use 9.1 extension
      files in the old-fashioned way of sourcing them in psql.  Not only does
      that usually not work (due to failure to substitute for MODULE_PATHNAME
      and/or @extschema@), but if it did work they'd get a collection of loose
      objects not an extension.  To prevent this, insert an \echo ... \quit
      line that prints a suitable error message into each extension script file,
      and teach commands/extension.c to ignore lines starting with \echo.
      That should not only prevent any adverse consequences of loading a script
      file the wrong way, but make it crystal clear to users that they need to
      do it differently now.
      
      Tom Lane, following an idea of Andrew Dunstan's.  Back-patch into 9.1
      ... there is not going to be much value in this if we wait till 9.2.
      458857cc
  11. Sep 11, 2011
    • Peter Eisentraut's avatar
      Remove many -Wcast-qual warnings · 1b81c2fe
      Peter Eisentraut authored
      This addresses only those cases that are easy to fix by adding or
      moving a const qualifier or removing an unnecessary cast.  There are
      many more complicated cases remaining.
      1b81c2fe
  12. Sep 01, 2011
  13. Apr 25, 2011
    • Peter Eisentraut's avatar
      Support "make check" in contrib · f8ebe3bc
      Peter Eisentraut authored
      Added a new option --extra-install to pg_regress to arrange installing
      the respective contrib directory into the temporary installation.
      This is currently not yet supported for Windows MSVC builds.
      
      Updated the .gitignore files for contrib modules to ignore the
      leftovers of a temp-install check run.
      
      Changed the exit status of "make check" in a pgxs build (which still
      does nothing) to 0 from 1.
      
      Added "make check" in contrib to top-level "make check-world".
      f8ebe3bc
  14. Apr 10, 2011
  15. Feb 18, 2011
    • Tom Lane's avatar
      One more hack to make contrib upgrades from 9.0 match fresh 9.1 installs. · 472f608e
      Tom Lane authored
      intarray and tsearch2 both reference core support functions in their GIN
      opclasses, and the signatures of those functions changed for 9.1.  We added
      backwards-compatible pg_proc entries for the functions in order to allow
      9.0 dump files to be restored at all, but that hack leaves the opclasses
      pointing at pg_proc entries different from what they'd point to if the
      contrib modules were installed fresh in 9.1.  To forestall any possibility
      of future problems, fix the opclasses to match fresh installs via the
      expedient of direct UPDATEs on pg_amproc in the update-from-unpackaged
      scripts.  (Yech ... but the alternatives are worse, or require far more
      effort than seems justified right now.)
      
      Note: updating pg_amproc is sufficient because there will be no pg_depend
      entries corresponding to these dependencies, since the referenced functions
      are all pinned.
      472f608e
  16. Feb 17, 2011
  17. Feb 16, 2011
    • Tom Lane's avatar
      Add backwards-compatible declarations of some core GIN support functions. · 6595dd04
      Tom Lane authored
      These are needed to support reloading dumps of 9.0 installations containing
      contrib/intarray or contrib/tsearch2.  Since not only regular dump/reload
      but binary upgrade would fail, it seems worth the trouble to carry these
      stubs for awhile.  Note that the contrib opclasses referencing these
      functions will still work fine, since GIN doesn't actually pay any
      attention to the declared signature of a support function.
      6595dd04
  18. Feb 14, 2011
    • Tom Lane's avatar
      Avoid use of CREATE OR REPLACE FUNCTION in extension installation files. · 029fac22
      Tom Lane authored
      It was never terribly consistent to use OR REPLACE (because of the lack of
      comparable functionality for data types, operators, etc), and
      experimentation shows that it's now positively pernicious in the extension
      world.  We really want a failure to occur if there are any conflicts, else
      it's unclear what the extension-ownership state of the conflicted object
      ought to be.  Most of the time, CREATE EXTENSION will fail anyway because
      of conflicts on other object types, but an extension defining only
      functions can succeed, with bad results.
      029fac22
    • Tom Lane's avatar
      Convert contrib modules to use the extension facility. · 629b3af2
      Tom Lane authored
      This isn't fully tested as yet, in particular I'm not sure that the
      "foo--unpackaged--1.0.sql" scripts are OK.  But it's time to get some
      buildfarm cycles on it.
      
      sepgsql is not converted to an extension, mainly because it seems to
      require a very nonstandard installation process.
      
      Dimitri Fontaine and Tom Lane
      629b3af2
  19. Jan 27, 2011
    • Tom Lane's avatar
      Prevent buffer overrun while parsing an integer in a "query_int" value. · 7ccb6dc2
      Tom Lane authored
      contrib/intarray's gettoken() uses a fixed-size buffer to collect an
      integer's digits, and did not guard against overrunning the buffer.
      This is at least a backend crash risk, and in principle might allow
      arbitrary code execution.  The code didn't check for overflow of the
      integer value either, which while not presenting a crash risk was still
      bad.
      
      Thanks to Apple Inc's security team for reporting this issue and supplying
      the fix.
      
      Security: CVE-2010-4015
      7ccb6dc2
  20. Jan 09, 2011
    • Tom Lane's avatar
      Fix assorted corner-case bugs in contrib/intarray. · fdf2dbda
      Tom Lane authored
      The array containment operators now behave per mathematical expectation
      for empty arrays (ie, an empty array is contained in anything).
      Both these operators and the query_int operators now work as expected in
      GiST and GIN index searches, rather than having corner cases where the
      index searches gave different answers.
      
      Also, fix unexpected failures where the operators would claim that an array
      contained nulls, when in fact there was no longer any null present (similar
      to bug #5784).  The restriction to not have nulls is still there, as
      removing it would take a lot of added code complexity and probably slow
      things down significantly.
      
      Also, remove the arbitrary restriction to 1-D arrays; unlike the other
      restriction, this was buying us nothing performance-wise.
      
      Assorted cosmetic improvements and marginal performance improvements, too.
      fdf2dbda
  21. Jan 08, 2011
  22. Dec 19, 2010
    • Tom Lane's avatar
      Fix erroneous parsing of tsquery input "... & !(subexpression) | ..." · abc10262
      Tom Lane authored
      After parsing a parenthesized subexpression, we must pop all pending
      ANDs and NOTs off the stack, just like the case for a simple operand.
      Per bug #5793.
      
      Also fix clones of this routine in contrib/intarray and contrib/ltree,
      where input of types query_int and ltxtquery had the same problem.
      
      Back-patch to all supported versions.
      abc10262
  23. Nov 23, 2010
  24. Sep 22, 2010
  25. Sep 20, 2010
  26. Aug 19, 2010
  27. Mar 25, 2010
    • Tom Lane's avatar
      Fix ginint4_queryextract() to actually do what it was intended to do for an · 5ceb13c8
      Tom Lane authored
      unsatisfiable query, such as indexcol && empty_array.  It should return -1
      to tell GIN no scan is required; but silly typo disabled the logic for that,
      resulting in unnecessary "GIN indexes do not support whole-index scans" error.
      Per bug report from Jeff Trout.
      
      Back-patch to 8.3 where the logic was introduced.
      5ceb13c8
  28. Jun 11, 2009
  29. Jun 07, 2009
    • Tom Lane's avatar
      Revert my patch of 2009-04-04 that removed contrib/intarray's definitions of · 156475a5
      Tom Lane authored
      the <@ and @> operators.  These are not in fact equivalent to the built-in
      anyarray operators of the same names, because they have different behavior for
      empty arrays, namely they don't think empty arrays are contained in anything.
      That is mathematically wrong, no doubt, but until we can persuade GIN indexes
      to implement the mathematical definition we should probably not change this.
      Another reason for not changing it now is that we can't yet ensure the
      opclasses will be updated correctly in a dump-and-reload upgrade.  Per
      recent discussions.
      156475a5
  30. Apr 05, 2009
    • Tom Lane's avatar
      Remove contrib/intarray's definitions of the <@ and @> operators, so that they · 65e758a4
      Tom Lane authored
      don't cause confusion with the built-in anyarray versions of those operators.
      Adjust the module's index opclasses to support the built-in operators in place
      of the private ones.
      
      The private implementations are still available under their historical
      names @ and ~, so no functionality is lost.  Some quick testing suggests
      that they offer no real benefit over the core operators, however.
      
      Per a complaint from Rusty Conover.
      65e758a4
  31. Mar 25, 2009
    • Tom Lane's avatar
      Adjust the APIs for GIN opclass support functions to allow the extractQuery() · 87b8db37
      Tom Lane authored
      method to pass extra data to the consistent() and comparePartial() methods.
      This is the core infrastructure needed to support the soon-to-appear
      contrib/btree_gin module.  The APIs are still upward compatible with the
      definitions used in 8.3 and before, although *not* with the previous 8.4devel
      function definitions.
      
      catversion bump for changes in pg_proc entries (although these are just
      cosmetic, since GIN doesn't actually look at the function signature before
      calling it...)
      
      Teodor Sigaev and Oleg Bartunov
      87b8db37
  32. May 17, 2008
    • Andrew Dunstan's avatar
      Add $PostgreSQL$ markers to a lot of files that were missing them. · 53972b46
      Andrew Dunstan authored
      This particular batch was just for *.c and *.h file.
      
      The changes were made with the following 2 commands:
      
      find . \( \( -name 'libstemmer' -o -name 'expected' -o -name 'ppport.h' \) -prune \) -o  \( -name '*.[ch]'  \) \( -exec grep -q '\$PostgreSQL' {} \; -o -print \) | while read file ; do head -n 1 < $file | grep -q '^/\*' && echo $file; done | xargs -l sed -i -e '1s/^\// /' -e '1i/*\n * $PostgreSQL:$ \n *'
      
      find . \( \( -name 'libstemmer' -o -name 'expected' -o -name 'ppport.h' \) -prune \) -o  \( -name '*.[ch]'  \) \( -exec grep -q '\$PostgreSQL' {} \; -o -print \) | xargs -l sed -i -e '1i/*\n * $PostgreSQL:$ \n */'
      53972b46
  33. May 12, 2008
    • Alvaro Herrera's avatar
      Restructure some header files a bit, in particular heapam.h, by removing some · f8c4d7db
      Alvaro Herrera authored
      unnecessary #include lines in it.  Also, move some tuple routine prototypes and
      macros to htup.h, which allows removal of heapam.h inclusion from some .c
      files.
      
      For this to work, a new header file access/sysattr.h needed to be created,
      initially containing attribute numbers of system columns, for pg_dump usage.
      
      While at it, make contrib ltree, intarray and hstore header files more
      consistent with our header style.
      f8c4d7db
  34. Apr 14, 2008
    • Tom Lane's avatar
      Push index operator lossiness determination down to GIST/GIN opclass · 9b5c8d45
      Tom Lane authored
      "consistent" functions, and remove pg_amop.opreqcheck, as per recent
      discussion.  The main immediate benefit of this is that we no longer need
      8.3's ugly hack of requiring @@@ rather than @@ to test weight-using tsquery
      searches on GIN indexes.  In future it should be possible to optimize some
      other queries better than is done now, by detecting at runtime whether the
      index match is exact or not.
      
      Tom Lane, after an idea of Heikki's, and with some help from Teodor.
      9b5c8d45
  35. Mar 25, 2008
    • Tom Lane's avatar
      Simplify and standardize conversions between TEXT datums and ordinary C · 220db7cc
      Tom Lane authored
      strings.  This patch introduces four support functions cstring_to_text,
      cstring_to_text_with_len, text_to_cstring, and text_to_cstring_buffer, and
      two macros CStringGetTextDatum and TextDatumGetCString.  A number of
      existing macros that provided variants on these themes were removed.
      
      Most of the places that need to make such conversions now require just one
      function or macro call, in place of the multiple notational layers that used
      to be needed.  There are no longer any direct calls of textout or textin,
      and we got most of the places that were using handmade conversions via
      memcpy (there may be a few still lurking, though).
      
      This commit doesn't make any serious effort to eliminate transient memory
      leaks caused by detoasting toasted text objects before they reach
      text_to_cstring.  We changed PG_GETARG_TEXT_P to PG_GETARG_TEXT_PP in a few
      places where it was easy, but much more could be done.
      
      Brendan Jurd and Tom Lane
      220db7cc
  36. Nov 16, 2007
Loading