diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2023-04-16 14:16:40 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2023-04-16 14:16:40 -0400 |
| commit | 78d5952dd0e66afc4447eec07f770991fa406cce (patch) | |
| tree | d2be84d4bcfb7230bc2957aa4b1daf3789a2cadb /src/backend/executor/nodeAgg.c | |
| parent | 1c54b93a8cf959a826dfabd6cae55dce255df2f5 (diff) | |
| download | postgresql-78d5952dd0e66afc4447eec07f770991fa406cce.tar.gz postgresql-78d5952dd0e66afc4447eec07f770991fa406cce.zip | |
Ensure result of an aggregate's finalfunc is made read-only.
The finalfunc might return a read-write expanded object. If we
de-duplicate multiple call sites for the aggregate, any function(s)
receiving the aggregate result earlier could alter or destroy the
value that reaches the ones called later. This is a brown-paper-bag
bug in commit 42b746d4c, because we actually considered the need
for read-only-ness but failed to realize that it applied to the case
with a finalfunc as well as the case without.
Per report from Justin Pryzby. New error in HEAD,
no need for back-patch.
Discussion: https://postgr.es/m/ZDm5TuKsh3tzoEjz@telsasoft.com
Diffstat (limited to 'src/backend/executor/nodeAgg.c')
| -rw-r--r-- | src/backend/executor/nodeAgg.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/backend/executor/nodeAgg.c b/src/backend/executor/nodeAgg.c index 19342a420c1..28205f74331 100644 --- a/src/backend/executor/nodeAgg.c +++ b/src/backend/executor/nodeAgg.c @@ -1040,9 +1040,10 @@ process_ordered_aggregate_multi(AggState *aggstate, * (But note that in some cases, such as when there is no finalfn, the * result might be a pointer to or into the agg's transition value.) * - * The finalfn uses the state as set in the transno. This also might be + * The finalfn uses the state as set in the transno. This also might be * being used by another aggregate function, so it's important that we do - * nothing destructive here. + * nothing destructive here. Moreover, the aggregate's final value might + * get used in multiple places, so we mustn't return a R/W expanded datum. */ static void finalize_aggregate(AggState *aggstate, @@ -1116,8 +1117,13 @@ finalize_aggregate(AggState *aggstate, } else { - *resultVal = FunctionCallInvoke(fcinfo); + Datum result; + + result = FunctionCallInvoke(fcinfo); *resultIsNull = fcinfo->isnull; + *resultVal = MakeExpandedObjectReadOnly(result, + fcinfo->isnull, + peragg->resulttypeLen); } aggstate->curperagg = NULL; } @@ -1165,6 +1171,7 @@ finalize_partialaggregate(AggState *aggstate, else { FunctionCallInfo fcinfo = pertrans->serialfn_fcinfo; + Datum result; fcinfo->args[0].value = MakeExpandedObjectReadOnly(pergroupstate->transValue, @@ -1173,8 +1180,11 @@ finalize_partialaggregate(AggState *aggstate, fcinfo->args[0].isnull = pergroupstate->transValueIsNull; fcinfo->isnull = false; - *resultVal = FunctionCallInvoke(fcinfo); + result = FunctionCallInvoke(fcinfo); *resultIsNull = fcinfo->isnull; + *resultVal = MakeExpandedObjectReadOnly(result, + fcinfo->isnull, + peragg->resulttypeLen); } } else |