postgresql/src/backend/parser
Tom Lane 3b0776fde5 Compute aggregate argument types correctly in transformAggregateCall().
transformAggregateCall() captures the datatypes of the aggregate's
arguments immediately to construct the Aggref.aggargtypes list.
This seems reasonable because the arguments have already been
transformed --- but there is an edge case where they haven't been.
Specifically, if we have an unknown-type literal in an ANY argument
position, nothing will have been done with it earlier.  But if we
also have DISTINCT, then addTargetToGroupList() converts the literal
to "text" type, resulting in the aggargtypes list not matching the
actual runtime type of the argument.  The end result is that the
aggregate tries to interpret a "text" value as being of type
"unknown", that is a zero-terminated C string.  If the text value
contains no zero bytes, this could result in disclosure of server
memory following the text literal value.

To fix, move the collection of the aggargtypes list to the end
of transformAggregateCall(), after DISTINCT has been handled.
This requires slightly more code, but not a great deal.

Our thanks to Jingzhou Fu for reporting this problem.

Security: CVE-2023-5868
2023-11-06 10:38:00 -05:00
.gitignore Convert cvsignore to gitignore, and add .gitignore for build targets. 2010-09-22 12:57:04 +02:00
Makefile Remove distprep 2023-11-06 15:18:04 +01:00
README Remove outdated reference to a removed file 2023-06-15 22:35:42 +09:00
analyze.c Avoid unnecessary plancache revalidation of utility statements. 2023-08-24 12:02:46 -04:00
check_keywords.pl Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
gram.y Extend ALTER OPERATOR to allow setting more optimization attributes. 2023-10-20 12:28:46 -04:00
gramparse.h Update copyright for 2023 2023-01-02 15:00:37 -05:00
meson.build Update copyright for 2023 2023-01-02 15:00:37 -05:00
parse_agg.c Compute aggregate argument types correctly in transformAggregateCall(). 2023-11-06 10:38:00 -05:00
parse_clause.c Add missing initializations of p_perminfo 2023-07-14 14:56:35 +09:00
parse_coerce.c Make Vars be outer-join-aware. 2023-01-30 13:16:20 -05:00
parse_collate.c Add trailing commas to enum definitions 2023-10-26 09:20:54 +02:00
parse_cte.c Add trailing commas to enum definitions 2023-10-26 09:20:54 +02:00
parse_enr.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
parse_expr.c Fix translation markers 2023-08-24 10:25:51 +02:00
parse_func.c Add trailing commas to enum definitions 2023-10-26 09:20:54 +02:00
parse_merge.c Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
parse_node.c Allow underscores in integer and numeric constants. 2023-02-04 09:48:51 +00:00
parse_oper.c Extend ALTER OPERATOR to allow setting more optimization attributes. 2023-10-20 12:28:46 -04:00
parse_param.c Update copyright for 2023 2023-01-02 15:00:37 -05:00
parse_relation.c Add missing initializations of p_perminfo 2023-07-14 14:56:35 +09:00
parse_target.c Track nesting depth correctly when drilling down into RECORD Vars. 2023-09-15 17:01:52 -04:00
parse_type.c Handle \v as a whitespace character in parsers 2023-07-06 08:16:24 +09:00
parse_utilcmd.c Add TupleDescGetDefault() 2023-09-27 18:52:40 +01:00
parser.c Code review for recent SQL/JSON commits 2023-04-04 14:04:30 +02:00
scan.l Handle \v as a whitespace character in parsers 2023-07-06 08:16:24 +09:00
scansup.c Handle \v as a whitespace character in parsers 2023-07-06 08:16:24 +09:00

src/backend/parser/README

Parser
======

This directory does more than tokenize and parse SQL queries.  It also
creates Query structures for the various complex queries that are passed
to the optimizer and then executor.

parser.c	things start here
scan.l		break query into tokens
scansup.c	handle escapes in input strings
gram.y		parse the tokens and produce a "raw" parse tree
analyze.c	top level of parse analysis for optimizable queries
parse_agg.c	handle aggregates, like SUM(col1),  AVG(col2), ...
parse_clause.c	handle clauses like WHERE, ORDER BY, GROUP BY, ...
parse_coerce.c	handle coercing expressions to different data types
parse_collate.c	assign collation information in completed expressions
parse_cte.c	handle Common Table Expressions (WITH clauses)
parse_expr.c	handle expressions like col, col + 3, x = 3 or x = 4
parse_enr.c	handle ephemeral named rels (trigger transition tables, ...)
parse_func.c	handle functions, table.column and column identifiers
parse_merge.c	handle MERGE
parse_node.c	create nodes for various structures
parse_oper.c	handle operators in expressions
parse_param.c	handle Params (for the cases used in the core backend)
parse_relation.c support routines for tables and column handling
parse_target.c	handle the result list of the query
parse_type.c	support routines for data type handling
parse_utilcmd.c	parse analysis for utility commands (done at execution time)

See also src/common/keywords.c, which contains the table of standard
keywords and the keyword lookup function.  We separated that out because
various frontend code wants to use it too.