authorPeter Eisentraut <peter@eisentraut.org>2025-01-15 16:53:53 +0100
committerPeter Eisentraut <peter@eisentraut.org>2025-01-15 16:58:44 +0100
commitb6463ea6ef3e46b32be96a23f3a9f47357847ce4 (patch)
treed6a6e52dc80b4bee15bb98d35b1f2f9f130c202a /src
parentde9037d0d085f25d3c220a45bfbb7abc5794a0c8 (diff)
Downgrade error in object_aclmask_ext() to internal
The "does not exist" error in object_aclmask_ext() was written as ereport(), suggesting that it is user-facing. This is problematic: get_object_class_descr() is meant to be for internal errors only and does not support translation. For the has_xxx_privilege functions, the error has not been user-facing since commit 403ac226ddd. The remaining users are pg_database_size() and pg_tablespace_size(). The call stack here is pretty deep and this dependency is not obvious. Here we can put in an explicit existence check with a bespoke error message early in the function. Then we can downgrade the error in object_aclmask_ext() to a normal "cache lookup failed" internal error. Reviewed-by: Alvaro Herrera <alvherre@alvh.no-ip.org> Discussion: https://www.postgresql.org/message-id/flat/da2f8942-be6d-48d0-ac1c-a053370a6b1f@eisentraut.org
Diffstat (limited to 'src')
-rw-r--r--src/backend/catalog/aclchk.c10
-rw-r--r--src/backend/utils/adt/dbsize.c18
2 files changed, 20 insertions, 8 deletions
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index bd006931938..02a754cc30a 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -3004,10 +3004,6 @@ pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid,
* Exported routines for examining a user's privileges for various objects
*
* See aclmask() for a description of the common API for these functions.
- *
- * Note: we give lookup failure the full ereport treatment because the
- * has_xxx_privilege() family of functions allow users to pass any random
- * OID to these functions.
* ****************************************************************
*/
@@ -3074,10 +3070,8 @@ object_aclmask_ext(Oid classid, Oid objectid, Oid roleid,
return 0;
}
else
- ereport(ERROR,
- (errcode(ERRCODE_UNDEFINED_OBJECT),
- errmsg("%s with OID %u does not exist",
- get_object_class_descr(classid), objectid)));
+ elog(ERROR, "cache lookup failed for %s %u",
+ get_object_class_descr(classid), objectid);
}
ownerId = DatumGetObjectId(SysCacheGetAttrNotNull(cacheid,
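Review bot: With the header note deleted in the previous hunk, nothing next to this `else` branch tells a caller that a missing object is now reported through `elog()`, i.e. as an internal error rather than `ERRCODE_UNDEFINED_OBJECT`. Any caller that passes a user-supplied OID without an `is_missing` pointer, including out-of-tree code the commit message does not list, would surface that internal error to the user. A short replacement comment above the `elog()` would keep the contract visible, for example `/* Callers that accept OIDs from users must check existence first or pass is_missing; a miss here is an internal error. */`. The body of object_aclmask_ext() starts and ends outside this hunk, so the `is_missing` branch is only partly visible here.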
diff --git a/src/backend/utils/adt/dbsize.c b/src/backend/utils/adt/dbsize.c
index e560fef6919..011d8d4da5a 100644
--- a/src/backend/utils/adt/dbsize.c
+++ b/src/backend/utils/adt/dbsize.c
@@ -170,6 +170,15 @@ pg_database_size_oid(PG_FUNCTION_ARGS)
Oid dbOid = PG_GETARG_OID(0);
int64 size;
+ /*
+ * Not needed for correctness, but avoid non-user-facing error message
+ * later if the database doesn't exist.
+ */
+ if (!SearchSysCacheExists1(DATABASEOID, ObjectIdGetDatum(dbOid)))
+ ereport(ERROR,
+ errcode(ERRCODE_UNDEFINED_OBJECT),
+ errmsg("database with OID %u does not exist", dbOid));
+
size = calculate_database_size(dbOid);
if (size == 0)
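Review bot: The new comment says the check is "not needed for correctness" but does not say that it is only best-effort. A database dropped between `SearchSysCacheExists1()` and the later ACL lookup (presumably inside `calculate_database_size()`, which is outside the hunk) would still end in the "cache lookup failed" internal error. That matters to anyone who alerts on internal-error SQLSTATEs as a sign of catalog damage, so the comment should say it, for example `* A concurrent drop after this check can still raise the internal cache-lookup error.` The probe also runs before any privilege check visible here; that appears harmless because the old code reported non-existence to the same callers, but one clause saying so would save the next reader the question. The same two remarks apply to the tablespace check added in pg_tablespace_size_oid() in the following hunk.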
@@ -274,6 +283,15 @@ pg_tablespace_size_oid(PG_FUNCTION_ARGS)
Oid tblspcOid = PG_GETARG_OID(0);
int64 size;
+ /*
+ * Not needed for correctness, but avoid non-user-facing error message
+ * later if the tablespace doesn't exist.
+ */
+ if (!SearchSysCacheExists1(TABLESPACEOID, ObjectIdGetDatum(tblspcOid)))
+ ereport(ERROR,
+ errcode(ERRCODE_UNDEFINED_OBJECT),
+ errmsg("tablespace with OID %u does not exist", tblspcOid));
+
size = calculate_tablespace_size(tblspcOid);
if (size < 0)