postgresql/src/test/regress
Tom Lane de4b75c154 Fix choice of comparison operators for cross-type hashed subplans.
Commit bf6c614a2 rearranged the lookup of the comparison operators
needed in a hashed subplan, and in so doing, broke the cross-type
case: it caused the original LHS-vs-RHS operator to be used to compare
hash table entries too (which of course are all of the RHS type).
This leads to C functions being passed a Datum that is not of the
type they expect, with the usual hazards of crashes and unauthorized
server memory disclosure.

For the set of hashable cross-type operators present in v11 core
Postgres, this bug is nearly harmless on 64-bit machines, which
may explain why it escaped earlier detection.  But it is a live
security hazard on 32-bit machines; and of course there may be
extensions that add more hashable cross-type operators, which
would increase the risk.

Reported by Andreas Seltenreich.  Back-patch to v11 where the
problem came in.

Security: CVE-2019-10209
2019-08-05 11:20:33 -04:00
data
expected Fix choice of comparison operators for cross-type hashed subplans. 2019-08-05 11:20:33 -04:00
input
output
sql Fix choice of comparison operators for cross-type hashed subplans. 2019-08-05 11:20:33 -04:00
.gitignore
GNUmakefile
Makefile
parallel_schedule Move rolenames test out of the core regression tests. 2019-06-30 12:51:12 -04:00
pg_regress_main.c
pg_regress.c Blind attempt to fix SSPI-auth case in 010_dump_connstr.pl. 2019-06-30 13:34:45 -04:00
pg_regress.h
README
regress.c Initial pgindent run for v12. 2019-05-22 12:55:34 -04:00
regressplans.sh
resultmap
serial_schedule Move rolenames test out of the core regression tests. 2019-06-30 12:51:12 -04:00
standby_schedule Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00

Documentation concerning how to run these regression tests and interpret
the results can be found in the PostgreSQL manual, in the chapter
"Regression Tests".