rdelaage/postgresql
1
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-08-21 22:23:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
44,345 Commits 36 Branches 606 Tags 423 MiB
C 86%
PLpgSQL 5.5%
Perl 4.1%
Yacc 1.3%
Makefile 0.7%
Other 2.3%
25b692568f
Go to file
Tom Lane 25b692568f Prevent dangling-pointer access when update trigger returns old tuple. 
A before-update row trigger may choose to return the "new" or "old" tuple
unmodified.  ExecBRUpdateTriggers failed to consider the second
possibility, and would proceed to free the "old" tuple even if it was the
one returned, leading to subsequent access to already-deallocated memory.
In debug builds this reliably leads to an "invalid memory alloc request
size" failure; in production builds it might accidentally work, but data
corruption is also possible.

This is a very old bug.  There are probably a couple of reasons it hasn't
been noticed up to now.  It would be more usual to return NULL if one
wanted to suppress the update action; returning "old" is significantly less
efficient since the update will occur anyway.  Also, none of the standard
PLs would ever cause this because they all returned freshly-manufactured
tuples even if they were just copying "old".  But commit 4b93f5799 changed
that for plpgsql, making it possible to see the bug with a plpgsql trigger.
Still, this is certainly legal behavior for a trigger function, so it's
ExecBRUpdateTriggers's fault not plpgsql's.

It seems worth creating a test case that exercises returning "old" directly
with a C-language trigger; testing this through plpgsql seems unreliable
because its behavior might change again.

Report and fix by Rushabh Lathia; regression test case by me.
Back-patch to all supported branches.

Discussion: https://postgr.es/m/CAGPqQf1P4pjiNPrMof=P_16E-DFjt457j+nH2ex3=nBTew7tXw@mail.gmail.com
2018-02-27 13:28:02 -05:00
config Extend configure's __int128 test to check for a known gcc bug. 2018-01-18 11:09:44 -05:00
contrib Empty search_path in Autovacuum and non-psql/pgbench clients. 2018-02-26 07:39:44 -08:00
doc Last-minute updates for release notes. 2018-02-26 12:14:27 -05:00
src Prevent dangling-pointer access when update trigger returns old tuple. 2018-02-27 13:28:02 -05:00
.dir-locals.el emacs: Set indent-tabs-mode in perl-mode 2015-04-12 23:53:23 -04:00
.gitattributes Remove contrib/tsearch2. 2017-02-13 11:06:11 -05:00
.gitignore Add lcov --initial 2017-09-29 08:54:34 -04:00
aclocal.m4 Make configure check for IPC::Run when --enable-tap-tests is specified. 2017-06-15 15:56:12 -04:00
configure Extend configure's __int128 test to check for a known gcc bug. 2018-01-18 11:09:44 -05:00
configure.in Another attempt at fixing build with various OpenSSL versions 2018-01-04 19:09:27 -05:00
COPYRIGHT Update copyright for 2018 2018-01-02 23:30:12 -05:00
GNUmakefile.in Have "make coverage" recurse into contrib as well 2016-09-05 18:44:36 -03:00
HISTORY Change documentation references to PG website to use https: not http: 2017-05-20 21:50:47 -04:00
Makefile Fix non-GNU makefiles for AIX make. 2017-11-30 00:57:22 -08:00
README Change documentation references to PG website to use https: not http: 2017-05-20 21:50:47 -04:00
README.git Change documentation references to PG website to use https: not http: 2017-05-20 21:50:47 -04:00

README 

PostgreSQL Database Management System
=====================================

This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces, many of which are listed here:

	https://www.postgresql.org/download

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
https://www.postgresql.org/download/.  For more information look at our
web site located at https://www.postgresql.org/.