granicus.if.org Git - postgresql/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Fri, 21 Aug 2015 16:21:37 +0000 (12:21 -0400)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Fri, 21 Aug 2015 16:21:37 +0000 (12:21 -0400)
commit	f469f634ad7338b7eab046238354f07930fb6bca
tree	fe41bb77510de57a1252e3542fd553c29ca4efe3	tree \| snapshot
parent	09b3d27256d26e258c7802cfd8fea06d81b0a62c	commit \| diff

Fix plpython crash when returning string representation of a RECORD result.

PLyString_ToComposite() blithely overwrote proc->result.out.d, even though
for a composite result type the other union variant proc->result.out.r is
the one that should be valid. This could result in a crash if out.r had
in fact been filled in (proc->result.is_rowtype == 1) and then somebody
later attempted to use that data; as per bug #13579 from Paweł Michalak.

Just to add insult to injury, it didn't work for RECORD results anyway,
because record_in() would refuse the case.

Fix by doing the I/O function lookup in a local PLyTypeInfo variable,
as we were doing already in PLyObject_ToComposite(). This is not a great
technique because any fn_extra data allocated by the input function will
be leaked permanently (thanks to using TopMemoryContext as fn_mcxt).
But that's a pre-existing issue that is much less serious than a crash,
so leave it to be fixed separately.

This bug would be a potential security issue, except that plpython is
only available to superusers and the crash requires coding the function
in a way that didn't work before today's patches.

Add regression test cases covering all the supported methods of converting
composite results.

Back-patch to 9.1 where the faulty coding was introduced.

src/pl/plpython/expected/plpython_composite.out		diff \| blob \| history
src/pl/plpython/plpy_typeio.c		diff \| blob \| history
src/pl/plpython/sql/plpython_composite.sql		diff \| blob \| history