Ensure maxlen is at leat 1 in dict_int
commit : a2fdeb7863a684b661b0fcbaf90f00595be11bd0
author : Tomas Vondra <tomas.vondra@postgresql.org>
date : Tue, 3 Dec 2019 16:55:51 +0100
committer: Tomas Vondra <tomas.vondra@postgresql.org>
date : Tue, 3 Dec 2019 16:55:51 +0100
The dict_int text search dictionary template accepts maxlen parameter,
which is then used to cap the length of input strings. The value was
not properly checked, and the code simply does
txt[d->maxlen] = '\0';
to insert a terminator, leading to segfaults with negative values.
This commit simply rejects values less than 1. The issue was there since
dct_int was introduced in 9.3, so backpatch all the way back to 9.4
which is the oldest supported version.
Reported-by: cili
Discussion: https://postgr.es/m/16144-a36a5bef7657047d@postgresql.org
Backpatch-through: 9.4
M contrib/dict_int/dict_int.c
M contrib/dict_int/expected/dict_int.out
M contrib/dict_int/sql/dict_int.sql
Fix misbehavior with expression indexes on ON COMMIT DELETE ROWS tables.
commit : cfffa8a6b22d8813c30fd524affc07c0c580ea58
author : Tom Lane <tgl@sss.pgh.pa.us>
date : Sun, 1 Dec 2019 13:09:27 -0500
committer: Tom Lane <tgl@sss.pgh.pa.us>
date : Sun, 1 Dec 2019 13:09:27 -0500
We implement ON COMMIT DELETE ROWS by truncating tables marked that
way, which requires also truncating/rebuilding their indexes. But
RelationTruncateIndexes asks the relcache for up-to-date copies of any
index expressions, which may cause execution of eval_const_expressions
on them, which can result in actual execution of subexpressions.
This is a bad thing to have happening during ON COMMIT. Manuel Rigger
reported that use of a SQL function resulted in crashes due to
expectations that ActiveSnapshot would be set, which it isn't.
The most obvious fix perhaps would be to push a snapshot during
PreCommit_on_commit_actions, but I think that would just open the door
to more problems: CommitTransaction explicitly expects that no
user-defined code can be running at this point.
Fortunately, since we know that no tuples exist to be indexed, there
seems no need to use the real index expressions or predicates during
RelationTruncateIndexes. We can set up dummy index expressions
instead (we do need something that will expose the right data type,
as there are places that build index tupdescs based on this), and
just ignore predicates and exclusion constraints.
In a green field it'd likely be better to reimplement ON COMMIT DELETE
ROWS using the same "init fork" infrastructure used for unlogged
relations. That seems impractical without catalog changes though,
and even without that it'd be too big a change to back-patch.
So for now do it like this.
Per private report from Manuel Rigger. This has been broken forever,
so back-patch to all supported branches.
M src/backend/catalog/heap.c
M src/backend/catalog/index.c
M src/backend/utils/cache/relcache.c
M src/include/catalog/index.h
M src/include/utils/relcache.h
M src/test/regress/expected/temp.out
M src/test/regress/sql/temp.sql
Fix off-by-one error in PGTYPEStimestamp_fmt_asc
commit : a17602de18f7ff7821054b3b7f51eadf9fb59d62
author : Tomas Vondra <tomas.vondra@postgresql.org>
date : Sat, 30 Nov 2019 14:51:27 +0100
committer: Tomas Vondra <tomas.vondra@postgresql.org>
date : Sat, 30 Nov 2019 14:51:27 +0100
When using %b or %B patterns to format a date, the code was simply using
tm_mon as an index into array of month names. But that is wrong, because
tm_mon is 1-based, while array indexes are 0-based. The result is we
either use name of the next month, or a segfault (for December).
Fix by subtracting 1 from tm_mon for both patterns, and add a regression
test triggering the issue. Backpatch to all supported versions (the bug
is there far longer, since at least 2003).
Reported-by: Paul Spencer
Backpatch-through: 9.4
Discussion: https://postgr.es/m/16143-0d861eb8688d3fef%40postgresql.org
M src/interfaces/ecpg/pgtypeslib/timestamp.c
M src/interfaces/ecpg/test/expected/pgtypeslib-dt_test.c
M src/interfaces/ecpg/test/expected/pgtypeslib-dt_test.stderr
M src/interfaces/ecpg/test/expected/pgtypeslib-dt_test.stdout
M src/interfaces/ecpg/test/pgtypeslib/dt_test.pgc
Fix typo in comment.
commit : 5f55e4c061d376304f979fef0f9aebae94e286bf
author : Etsuro Fujita <efujita@postgresql.org>
date : Wed, 27 Nov 2019 16:00:53 +0900
committer: Etsuro Fujita <efujita@postgresql.org>
date : Wed, 27 Nov 2019 16:00:53 +0900
M src/backend/optimizer/util/relnode.c
Avoid assertion failure with LISTEN in a serializable transaction.
commit : 864e8080e19007ed3377d679447d2fc06f148bc8
author : Tom Lane <tgl@sss.pgh.pa.us>
date : Sun, 24 Nov 2019 15:57:32 -0500
committer: Tom Lane <tgl@sss.pgh.pa.us>
date : Sun, 24 Nov 2019 15:57:32 -0500
If LISTEN is the only action in a serializable-mode transaction,
and the session was not previously listening, and the notify queue
is not empty, predicate.c reported an assertion failure. That
happened because we'd acquire the transaction's initial snapshot
during PreCommit_Notify, which was called *after* predicate.c
expects any such snapshot to have been established.
To fix, just swap the order of the PreCommit_Notify and
PreCommit_CheckForSerializationFailure calls during CommitTransaction.
This will imply holding the notify-insertion lock slightly longer,
but the difference could only be meaningful in serializable mode,
which is an expensive option anyway.
It appears that this is just an assertion failure, with no
consequences in non-assert builds. A snapshot used only to scan
the notify queue could not have been involved in any serialization
conflicts, so there would be nothing for
PreCommit_CheckForSerializationFailure to do except assign it a
prepareSeqNo and set the SXACT_FLAG_PREPARED flag. And given no
conflicts, neither of those omissions affect the behavior of
ReleasePredicateLocks. This admittedly once-over-lightly analysis
is backed up by the lack of field reports of trouble.
Per report from Mark Dilger. The bug is old, so back-patch to all
supported branches; but the new test case only goes back to 9.6,
for lack of adequate isolationtester infrastructure before that.
Discussion: https://postgr.es/m/3ac7f397-4d5f-be8e-f354-440020675694@gmail.com
Discussion: https://postgr.es/m/13881.1574557302@sss.pgh.pa.us
M src/backend/access/transam/xact.c
Defend against self-referential views in relation_is_updatable().
commit : bcd541897fcf89b60494700f1f15ff70fae5ced7
author : Tom Lane <tgl@sss.pgh.pa.us>
date : Thu, 21 Nov 2019 16:21:44 -0500
committer: Tom Lane <tgl@sss.pgh.pa.us>
date : Thu, 21 Nov 2019 16:21:44 -0500
While a self-referential view doesn't actually work, it's possible
to create one, and it turns out that this breaks some of the
information_schema views. Those views call relation_is_updatable(),
which neglected to consider the hazards of being recursive. In
older PG versions you get a "stack depth limit exceeded" error,
but since v10 it'd recurse to the point of stack overrun and crash,
because commit a4c35ea1c took out the expression_returns_set() call
that was incidentally checking the stack depth.
Since this function is only used by information_schema views, it
seems like it'd be better to return "not updatable" than suffer
an error. Hence, add tracking of what views we're examining,
in just the same way that the nearby fireRIRrules() code detects
self-referential views. I added a check_stack_depth() call too,
just to be defensive.
Per private report from Manuel Rigger. Back-patch to all
supported versions.
M src/backend/rewrite/rewriteHandler.c
M src/backend/utils/adt/misc.c
M src/include/rewrite/rewriteHandler.h
Remove incorrect markup
commit : 31d3da740cf888b7d59ab7ea82e329fe536a38d6
author : Magnus Hagander <magnus@hagander.net>
date : Wed, 20 Nov 2019 17:03:07 +0100
committer: Magnus Hagander <magnus@hagander.net>
date : Wed, 20 Nov 2019 17:03:07 +0100
Author: Daniel Gustafsson <daniel@yesql.se>
M doc/src/sgml/libpq.sgml
Revise GIN README
commit : 8165384babd96258ed521c4ea2567c70a1849948
author : Alexander Korotkov <akorotkov@postgresql.org>
date : Tue, 19 Nov 2019 23:11:24 +0300
committer: Alexander Korotkov <akorotkov@postgresql.org>
date : Tue, 19 Nov 2019 23:11:24 +0300
We find GIN concurrency bugs from time to time. One of the problems here is
that concurrency of GIN isn't well-documented in README. So, it might be even
hard to distinguish design bugs from implementation bugs.
This commit revised concurrency section in GIN README providing more details.
Some examples are illustrated in ASCII art.
Also, this commit add the explanation of how is tuple layout in internal GIN
B-tree page different in comparison with nbtree.
Discussion: https://postgr.es/m/CAPpHfduXR_ywyaVN4%2BOYEGaw%3DcPLzWX6RxYLBncKw8de9vOkqw%40mail.gmail.com
Author: Alexander Korotkov
Reviewed-by: Peter Geoghegan
Backpatch-through: 9.4
M src/backend/access/gin/README
Fix traversing to the deleted GIN page via downlink
commit : 4fc4856849deb51c8d8822d79b6f10d571dab4f6
author : Alexander Korotkov <akorotkov@postgresql.org>
date : Tue, 19 Nov 2019 23:08:14 +0300
committer: Alexander Korotkov <akorotkov@postgresql.org>
date : Tue, 19 Nov 2019 23:08:14 +0300
Current GIN code appears to don't handle traversing to the deleted page via
downlink. This commit fixes that by stepping right from the delete page like
we do in nbtree.
This commit also fixes setting 'deleted' flag to the GIN pages. Now other page
flags are not erased once page is deleted. That helps to keep our assertions
true if we arrive deleted page via downlink.
Discussion: https://postgr.es/m/CAPpHfdvMvsw-NcE5bRS7R1BbvA4BxoDnVVjkXC5W0Czvy9LVrg%40mail.gmail.com
Author: Alexander Korotkov
Reviewed-by: Peter Geoghegan
Backpatch-through: 9.4
M src/backend/access/gin/ginbtree.c
M src/backend/access/gin/gindatapage.c
M src/backend/access/gin/ginvacuum.c
M src/backend/access/gin/ginxlog.c
Doc: clarify use of RECURSIVE in WITH.
commit : 4871270e38e5ab0490b78c37ea7d4ccf3240edce
author : Tom Lane <tgl@sss.pgh.pa.us>
date : Tue, 19 Nov 2019 14:43:37 -0500
committer: Tom Lane <tgl@sss.pgh.pa.us>
date : Tue, 19 Nov 2019 14:43:37 -0500
Apparently some people misinterpreted the syntax as being that
RECURSIVE is a prefix of individual WITH queries. It's a modifier
for the WITH clause as a whole, so state that more clearly.
Discussion: https://postgr.es/m/ca53c6ce-a0c6-b14a-a8e3-162f0b2cc119@a-kretschmer.de
M doc/src/sgml/ref/select.sgml
Doc: clarify behavior of ALTER DEFAULT PRIVILEGES ... IN SCHEMA.
commit : de8c2d38fddc4be2a4cd0c5108b428daa5cc781e
author : Tom Lane <tgl@sss.pgh.pa.us>
date : Tue, 19 Nov 2019 14:21:42 -0500
committer: Tom Lane <tgl@sss.pgh.pa.us>
date : Tue, 19 Nov 2019 14:21:42 -0500
The existing text stated that "Default privileges that are specified
per-schema are added to whatever the global default privileges are for
the particular object type". However, that bare-bones observation is
not quite clear enough, as demonstrated by the complaint in bug #16124.
Flesh it out by stating explicitly that you can't revoke built-in
default privileges this way, and by providing an example to drive
the point home.
Back-patch to all supported branches, since it's been like this
from the beginning.
Discussion: https://postgr.es/m/16124-423d8ee4358421bc@postgresql.org
M doc/src/sgml/ref/alter_default_privileges.sgml
Further fix dumping of views that contain just VALUES(...).
commit : ecb533af623738f49a8bd748e688c7f02c1c0f9f
author : Tom Lane <tgl@sss.pgh.pa.us>
date : Sat, 16 Nov 2019 20:00:20 -0500
committer: Tom Lane <tgl@sss.pgh.pa.us>
date : Sat, 16 Nov 2019 20:00:20 -0500
It turns out that commit e9f1c01b7 missed a case: we must print a
VALUES clause in long format if get_query_def is given a resultDesc
that would require the query's output column name(s) to be different
from what the bare VALUES clause would produce.
This applies in case an ALTER ... RENAME COLUMN has been done to
a view that formerly could be printed in simple format, as shown
in the added regression test case. It also explains bug #16119
from Dmitry Telpt, because it turns out that (unlike CREATE VIEW)
CREATE MATERIALIZED VIEW fails to apply any column aliases it's
given to the stored ON SELECT rule. So to get them to be printed,
we have to account for the resultDesc renaming. It might be worth
changing the matview code so that it creates the ON SELECT rule
with the correct aliases; but we'd still need these messy checks in
get_simple_values_rte to handle the case of a subsequent column
rename, so any such change would be just neatnik-ism not a bug fix.
Like the previous patch, back-patch to all supported branches.
Discussion: https://postgr.es/m/16119-e64823f30a45a754@postgresql.org
M src/backend/utils/adt/ruleutils.c
M src/test/regress/expected/rules.out
M src/test/regress/sql/rules.sql
Handle arrays and ranges in pg_upgrade's test for non-upgradable types.
commit : fb26754af4da8bdb25ca3bc8841714c4101c4107
author : Tom Lane <tgl@sss.pgh.pa.us>
date : Wed, 13 Nov 2019 11:35:37 -0500
committer: Tom Lane <tgl@sss.pgh.pa.us>
date : Wed, 13 Nov 2019 11:35:37 -0500
pg_upgrade needs to check whether certain non-upgradable data types
appear anywhere on-disk in the source cluster. It knew that it has
to check for these types being contained inside domains and composite
types; but it somehow overlooked that they could be contained in
arrays and ranges, too. Extend the existing recursive-containment
query to handle those cases.
We probably should have noticed this oversight while working on
commit 0ccfc2822 and follow-ups, but we failed to :-(. The whole
thing's possibly a bit overdesigned, since we don't really expect
that any of these types will appear on disk; but if we're going to
the effort of doing a recursive search then it's silly not to cover
all the possibilities.
While at it, refactor so that we have only one copy of the search
logic, not three-and-counting. Also, to keep the branches looking
more alike, back-patch the output wording change of commit 1634d3615.
Back-patch to all supported branches.
Discussion: https://postgr.es/m/31473.1573412838@sss.pgh.pa.us
M src/bin/pg_upgrade/version.c