| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
| |
not schema-safe. Per report from Jochem van Dieten.
|
| |
|
|
| |
prepared for HAVE_INT64_TIMESTAMP. Per report from Guillaume Beaudoin.
|
| |
|
|
|
|
|
| |
to just around the bare recv() call that gets a command from the client.
The former placement in PostgresMain was unsafe because the intermediate
processing layers (especially SSL) use facilities such as malloc that are
not necessarily re-entrant. Per report from counterstorm.com.
|
| |
|
|
| |
[One half already was committed with the last commit.]
|
| | |
|
| |
|
|
|
|
|
|
| |
and DDL statements.
Backpatch fix to 8.0.X.
Per report from Murthy Kambhampaty
|
| |
|
|
|
|
| |
expressions it constructed, causing scalarineqsel to become confused
if the underlying variable was of a domain type. Per report from
Kevin Grittner.
|
| |
|
|
|
| |
WAL record; this is necessary to be sure we recognize stale WAL records
when a WAL page was only partially written during a system crash.
|
| |
|
|
|
|
| |
to columns of an RTE that was a function returning RECORD with a column
definition list. Apparently no one has tried to use non-default typmod
with a function returning RECORD before.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
working buffer into ParseDateTime() and reject too-long input there,
rather than checking the length of the input string before calling
ParseDateTime(). The old method was bogus because ParseDateTime() can use
a variable amount of working space, depending on the content of the
input string (e.g. how many fields need to be NUL terminated). This fixes
a minor stack overrun -- I don't _think_ it's exploitable, although I
won't claim to be an expert.
Along the way, fix a bug reported by Mark Dilger: the working buffer
allocated by interval_in() was too short, which resulted in rejecting
some perfectly valid interval input values. I added a regression test for
this fix.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
if they are two-byte multibyte characters. Same thing can be happen
if octet_length(multibyte_chars) == n where n is char(n).
Long standing bug since 7.3 days. Per report and fix from Yoshiyuki Asaba.
|
| |
|
|
|
|
|
| |
where there was also a WHERE-clause restriction that applied to the
join. The check on restrictlist == NIL is really unnecessary anyway,
because select_mergejoin_clauses already checked for and complained
about any unmergejoinable join clauses. So just take it out.
|
| |
|
|
| |
sharing of %_SHARED. From Andrew Dunstan.
|
| |
|
|
| |
Per report from Brian Hackett.
|
| | |
|
| |
|
|
| |
input. Also add a regression test for this bug. From Andrew Dunstan.
|
| |
|
|
| |
need to be created by hand anymore.
|
| |
|
|
|
|
|
|
| |
and VACUUM: in the interval between adding a new page to the relation
and formatting it, it was possible for VACUUM to come along and decide
it should format the page too. Though not harmful in itself, this would
cause data loss if a third transaction were able to insert tuples into
the vacuumed page before the original extender got control back.
|
| |
|
|
|
|
|
| |
before we check commit/abort status. Formerly this was done in some paths
but not all, with the result that a transaction might be considered
committed for some purposes before it became committed for others.
Per example found by Jan Wieck.
|
| | |
|
| |
|
|
| |
is a way to recover from disabling connections to all databases at once.
|
| |
|
|
| |
Jason Erickson
|
| |
|
|
| |
so that restart doesn't fail when old postmaster died unbetimes.
|
| | |
|
| |
|
|
|
|
| |
output area as INTERNAL not CSTRING. This is to prevent people from
calling the functions by hand. This is a permanent solution for the
back branches but I hope it is just a stopgap for HEAD.
|
| |
|
|
|
|
|
|
| |
that return INTERNAL without also having INTERNAL arguments. Since the
functions in question aren't meant to be called by hand anyway, I just
redeclared them to take 'internal' instead of 'text'. Also add code
to ProcedureCreate() to enforce the restriction, as I should have done
to start with :-(
|
| | |
|
| |
|
|
|
|
|
| |
record object itself, rather than relying on a second OID argument to be
correct. This patch just changes the function behavior and not the
catalogs, so it's OK to back-patch to 8.0. Will remove the now-redundant
second argument in pg_proc in a separate patch in HEAD only.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a warning when a variable is used as a format string for printf()
and similar functions (if the variable is derived from untrusted
data, it could include unexpected formatting sequences). This
emits too many warnings to be enabled by default, but it does
flag a few dubious constructs in the Postgres tree. This patch
fixes up the obvious variants: functions that are passed a variable
format string but no additional arguments.
Most of these are harmless (e.g. the ruleutils stuff), but there
is at least one actual bug here: if you create a trigger named
"%sfoo", pg_dump will read uninitialized memory and fail to dump
the trigger correctly.
|
| |
|
|
|
| |
incorrect -F argument: write_msg() expects its first parameter to be a
"module name", not the format string.
|
| | |
|
| | |
|
| |
|
|
| |
Reorder MSC makefile to be more consistent and easier to maintain.
|
| |
|
|
|
|
|
| |
of timetz values misbehaved in --enable-integer-datetime cases, and
EXTRACT(EPOCH) subtracted the zone instead of adding it in all cases.
Backpatch to all supported releases (except --enable-integer-datetime code
does not exist in 7.2).
|
| |
|
|
| |
postmaster.pid still represents a live postmaster.
|
| |
|
|
| |
it. Per report from Marinos Yannikos.
|
| |
|
|
| |
--enable-integer-datetimes case. Per report from Oliver Siegmar.
|
| |
|
|
|
| |
than simply passing it down to pg_dump. Else, version-related failures
in pg_dumpall itself generate unhelpful error messages.
|
| |
|
|
|
| |
pfree'able result, since some callers expect to be able to pfree
the result of a pass-by-reference function. Per report from Chris Trawick.
|
| | |
|
| |
|
|
|
|
|
|
| |
which induced bug #1597 in addition to having several other misbehaviors
(like labeling the dump with a completion time having nothing to do with
reality). Instead just print out the desired strings where RestoreArchive
was already emitting the 'PostgreSQL database dump' and
'PostgreSQL database dump complete' strings.
|
| |
|
|
|
|
|
|
|
|
| |
assuming comparison of atttypid is sufficient. In a dropped column
atttypid will be 0, and we'd better check the physical-storage data
to make sure the tupdescs are physically compatible.
I do not believe there is a real risk before 8.0, since before that
we only used this routine to compare successive states of the tupdesc
for a particular relation. But 8.0's typcache.c might be comparing
arbitrary tupdescs so we'd better play it safer.
|
| |
|
|
|
| |
isn't presently set up to pass them an expected tuple descriptor. Bug has
been there since 7.3 but was just recently reported by Thomas Hallgren.
|
| |
|
|
| |
thread support.
|
| |
|
|
|
|
| |
deferred triggers: either one can create more work for the other,
so we have to loop till it's all gone. Per example from andrew@supernews.
Add a regression test to help spot trouble in this area in future.
|
| |
|
|
|
|
| |
while completing execution of the cursor's query. Otherwise we get wrong
answers or even crashes from non-volatile functions called by the query.
Per report from andrew@supernews.
|
| |
|
|
|
| |
that is a plain NULL and not a COALESCE with no inputs. Fixes crash
reported by Michael Williamson.
|
