rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/test
History
Tom Lane 8c6633f4de Compute aggregate argument types correctly in transformAggregateCall(). 
transformAggregateCall() captures the datatypes of the aggregate's
arguments immediately to construct the Aggref.aggargtypes list.
This seems reasonable because the arguments have already been
transformed --- but there is an edge case where they haven't been.
Specifically, if we have an unknown-type literal in an ANY argument
position, nothing will have been done with it earlier.  But if we
also have DISTINCT, then addTargetToGroupList() converts the literal
to "text" type, resulting in the aggargtypes list not matching the
actual runtime type of the argument.  The end result is that the
aggregate tries to interpret a "text" value as being of type
"unknown", that is a zero-terminated C string.  If the text value
contains no zero bytes, this could result in disclosure of server
memory following the text literal value.

To fix, move the collection of the aggargtypes list to the end
of transformAggregateCall(), after DISTINCT has been handled.
This requires slightly more code, but not a great deal.

Our thanks to Jingzhou Fu for reporting this problem.

Security: CVE-2023-5868
 		2023-11-06 10:38:00 -05:00
..
authentication Make new authentication test case more robust. 2020-09-04 21:01:59 -04:00
examples Client-side fixes for delayed NOTIFY receipt. 2018-10-19 22:22:57 -04:00
isolation Remove test from commit fa2e874946. 2023-08-10 10:27:24 -07:00
kerberos Adjust kerberos and ldap tests for Homebrew on ARM 2023-07-04 11:30:40 +02:00
ldap Adjust kerberos and ldap tests for Homebrew on ARM 2023-07-04 11:30:40 +02:00
locale Add a temp-install prerequisite to "check"-like targets not having one. 2017-11-05 18:51:08 -08:00
mb Fix MB regression tests for WAL-logging of hash indexes. 2017-03-15 07:25:36 -04:00
modules Reject substituting extension schemas or owners matching ["$'\]. 2023-08-07 06:06:01 -07:00
perl Make PG_TEST_NOCLEAN work for temporary directories in TAP tests 2023-07-03 10:06:20 +09:00
recovery Handle DROP DATABASE getting interrupted 2023-07-13 13:03:37 -07:00
regress Compute aggregate argument types correctly in transformAggregateCall(). 2023-11-06 10:38:00 -05:00
ssl Backpatch OpenSSL 3.0.0 compatibility in tests 2023-02-08 16:50:42 -05:00
subscription Ignore dropped columns during apply of update/delete. 2023-03-21 08:39:00 +05:30
thread Update copyright for 2018 2018-01-02 23:30:12 -05:00
Makefile Revert "Allow on-line enabling and disabling of data checksums" 2018-04-09 19:03:42 +02:00
README Add TAP tests for password-based authentication methods. 2017-03-17 11:34:16 +02:00

README 

PostgreSQL tests
================

This directory contains a variety of test infrastructure as well as some of the
tests in PostgreSQL. Not all tests are here -- in particular, there are more in
individual contrib/ modules and in src/bin.

Not all these tests get run by "make check". Check src/test/Makefile to see
which tests get run automatically.

authentication/
  Tests for authentication

examples/
  Demonstration programs for libpq that double as regression tests via
  "make check"

isolation/
  Tests for concurrent behavior at the SQL level

locale/
  Sanity checks for locale data, encodings, etc

mb/
  Tests for multibyte encoding (UTF-8) support

modules/
  Extensions used only or mainly for test purposes, generally not suitable
  for installing in production databases

perl/
  Infrastructure for Perl-based TAP tests

recovery/
  Test suite for recovery and replication

regress/
  PostgreSQL's main regression test suite, pg_regress

ssl/
  Tests to exercise and verify SSL certificate handling

subscription/
  Tests for logical replication

thread/
  A thread-safety-testing utility used by configure