Ensure result of an aggregate's finalfunc is made read-only.
The finalfunc might return a read-write expanded object. If we
de-duplicate multiple call sites for the aggregate, any function(s)
receiving the aggregate result earlier could alter or destroy the
value that reaches the ones called later. This is a brown-paper-bag
bug in commit 42b746d4c, because we actually considered the need
for read-only-ness but failed to realize that it applied to the case
with a finalfunc as well as the case without.
Per report from Justin Pryzby. New error in HEAD,
no need for back-patch.
Discussion: https://postgr.es/m/ZDm5TuKsh3tzoEjz@telsasoft.com
This commit is contained in:
Tom Lane
parent
1c54b93a8c
commit
78d5952dd0
|
|
@ -1040,9 +1040,10 @@ process_ordered_aggregate_multi(AggState *aggstate,
|
|||
* (But note that in some cases, such as when there is no finalfn, the
|
||||
* result might be a pointer to or into the agg's transition value.)
|
||||
*
|
||||
* The finalfn uses the state as set in the transno. This also might be
|
||||
* The finalfn uses the state as set in the transno. This also might be
|
||||
* being used by another aggregate function, so it's important that we do
|
||||
* nothing destructive here.
|
||||
* nothing destructive here. Moreover, the aggregate's final value might
|
||||
* get used in multiple places, so we mustn't return a R/W expanded datum.
|
||||
*/
|
||||
static void
|
||||
finalize_aggregate(AggState *aggstate,
|
||||
|
|
@ -1116,8 +1117,13 @@ finalize_aggregate(AggState *aggstate,
|
|||
}
|
||||
else
|
||||
{
|
||||
*resultVal = FunctionCallInvoke(fcinfo);
|
||||
Datum result;
|
||||
|
||||
result = FunctionCallInvoke(fcinfo);
|
||||
*resultIsNull = fcinfo->isnull;
|
||||
*resultVal = MakeExpandedObjectReadOnly(result,
|
||||
fcinfo->isnull,
|
||||
peragg->resulttypeLen);
|
||||
}
|
||||
aggstate->curperagg = NULL;
|
||||
}
|
||||
|
|
@ -1165,6 +1171,7 @@ finalize_partialaggregate(AggState *aggstate,
|
|||
else
|
||||
{
|
||||
FunctionCallInfo fcinfo = pertrans->serialfn_fcinfo;
|
||||
Datum result;
|
||||
|
||||
fcinfo->args[0].value =
|
||||
MakeExpandedObjectReadOnly(pergroupstate->transValue,
|
||||
|
|
@ -1173,8 +1180,11 @@ finalize_partialaggregate(AggState *aggstate,
|
|||
fcinfo->args[0].isnull = pergroupstate->transValueIsNull;
|
||||
fcinfo->isnull = false;
|
||||
|
||||
*resultVal = FunctionCallInvoke(fcinfo);
|
||||
result = FunctionCallInvoke(fcinfo);
|
||||
*resultIsNull = fcinfo->isnull;
|
||||
*resultVal = MakeExpandedObjectReadOnly(result,
|
||||
fcinfo->isnull,
|
||||
peragg->resulttypeLen);
|
||||
}
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -623,10 +623,15 @@ finalize_windowaggregate(WindowAggState *winstate,
|
|||
}
|
||||
else
|
||||
{
|
||||
Datum res;
|
||||
|
||||
winstate->curaggcontext = peraggstate->aggcontext;
|
||||
*result = FunctionCallInvoke(fcinfo);
|
||||
res = FunctionCallInvoke(fcinfo);
|
||||
winstate->curaggcontext = NULL;
|
||||
*isnull = fcinfo->isnull;
|
||||
*result = MakeExpandedObjectReadOnly(res,
|
||||
fcinfo->isnull,
|
||||
peraggstate->resulttypeLen);
|
||||
}
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -2758,6 +2758,43 @@ SELECT balk(hundred) FROM tenk1;
|
|||
|
||||
(1 row)
|
||||
|
||||
ROLLBACK;
|
||||
-- test multiple usage of an aggregate whose finalfn returns a R/W datum
|
||||
BEGIN;
|
||||
CREATE FUNCTION rwagg_sfunc(x anyarray, y anyarray) RETURNS anyarray
|
||||
LANGUAGE plpgsql IMMUTABLE AS $$
|
||||
BEGIN
|
||||
RETURN array_fill(y[1], ARRAY[4]);
|
||||
END;
|
||||
$$;
|
||||
CREATE FUNCTION rwagg_finalfunc(x anyarray) RETURNS anyarray
|
||||
LANGUAGE plpgsql STRICT IMMUTABLE AS $$
|
||||
DECLARE
|
||||
res x%TYPE;
|
||||
BEGIN
|
||||
-- assignment is essential for this test, it expands the array to R/W
|
||||
res := array_fill(x[1], ARRAY[4]);
|
||||
RETURN res;
|
||||
END;
|
||||
$$;
|
||||
CREATE AGGREGATE rwagg(anyarray) (
|
||||
STYPE = anyarray,
|
||||
SFUNC = rwagg_sfunc,
|
||||
FINALFUNC = rwagg_finalfunc
|
||||
);
|
||||
CREATE FUNCTION eatarray(x real[]) RETURNS real[]
|
||||
LANGUAGE plpgsql STRICT IMMUTABLE AS $$
|
||||
BEGIN
|
||||
x[1] := x[1] + 1;
|
||||
RETURN x;
|
||||
END;
|
||||
$$;
|
||||
SELECT eatarray(rwagg(ARRAY[1.0::real])), eatarray(rwagg(ARRAY[1.0::real]));
|
||||
eatarray | eatarray
|
||||
-----------+-----------
|
||||
{2,1,1,1} | {2,1,1,1}
|
||||
(1 row)
|
||||
|
||||
ROLLBACK;
|
||||
-- test coverage for aggregate combine/serial/deserial functions
|
||||
BEGIN;
|
||||
|
|
|
|||
|
|
@ -1207,6 +1207,45 @@ SELECT balk(hundred) FROM tenk1;
|
|||
|
||||
ROLLBACK;
|
||||
|
||||
-- test multiple usage of an aggregate whose finalfn returns a R/W datum
|
||||
BEGIN;
|
||||
|
||||
CREATE FUNCTION rwagg_sfunc(x anyarray, y anyarray) RETURNS anyarray
|
||||
LANGUAGE plpgsql IMMUTABLE AS $$
|
||||
BEGIN
|
||||
RETURN array_fill(y[1], ARRAY[4]);
|
||||
END;
|
||||
$$;
|
||||
|
||||
CREATE FUNCTION rwagg_finalfunc(x anyarray) RETURNS anyarray
|
||||
LANGUAGE plpgsql STRICT IMMUTABLE AS $$
|
||||
DECLARE
|
||||
res x%TYPE;
|
||||
BEGIN
|
||||
-- assignment is essential for this test, it expands the array to R/W
|
||||
res := array_fill(x[1], ARRAY[4]);
|
||||
RETURN res;
|
||||
END;
|
||||
$$;
|
||||
|
||||
CREATE AGGREGATE rwagg(anyarray) (
|
||||
STYPE = anyarray,
|
||||
SFUNC = rwagg_sfunc,
|
||||
FINALFUNC = rwagg_finalfunc
|
||||
);
|
||||
|
||||
CREATE FUNCTION eatarray(x real[]) RETURNS real[]
|
||||
LANGUAGE plpgsql STRICT IMMUTABLE AS $$
|
||||
BEGIN
|
||||
x[1] := x[1] + 1;
|
||||
RETURN x;
|
||||
END;
|
||||
$$;
|
||||
|
||||
SELECT eatarray(rwagg(ARRAY[1.0::real])), eatarray(rwagg(ARRAY[1.0::real]));
|
||||
|
||||
ROLLBACK;
|
||||
|
||||
-- test coverage for aggregate combine/serial/deserial functions
|
||||
BEGIN;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue