Repair incorrect check for coercion of unknown literal to ANYARRAY, a bug

I introduced in 7.4.1 :-(.  It's correct to allow unknown to be coerced to
ANY or ANYELEMENT, since it's a real-enough data type, but it most certainly
isn't an array datatype.  This can cause a backend crash but AFAICT is not
exploitable as a security hole.  Per report from Michael Fuhr.

Note: as fixed in HEAD, this changes a constant in the pg_stats view,
resulting in a change in the expected regression outputs.  The back-branch
patches have been hacked to avoid that, so that pre-existing installations
won't start failing their regression tests.

diff --git a/src/backend/parser/parse_coerce.c b/src/backend/parser/parse_coerce.c
index 610bb67836784746648ac17c250d4d44b13c6ba3..8947f3d83c74e2226428fa51eaf21358aec8f860 100644 (file)
--- a/src/backend/parser/parse_coerce.c
+++ b/src/backend/parser/parse_coerce.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/parser/parse_coerce.c,v 2.111.2.2 2006/01/12 22:29:31 neilc Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/parser/parse_coerce.c,v 2.111.2.3 2006/10/11 20:21:28 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -154,11 +154,28 @@ coerce_type(ParseState *pstate, Node *node,
                return node;
        }
        if (targetTypeId == ANYOID ||
-               targetTypeId == ANYARRAYOID ||
-               targetTypeId == ANYELEMENTOID)
+               targetTypeId == ANYELEMENTOID ||
+               (targetTypeId == ANYARRAYOID &&
+                (inputTypeId != UNKNOWNOID ||
+                 (IsA(node, Const) && ((Const *) node)->constisnull)))) /* HACK */
        {
-               /* assume can_coerce_type verified that implicit coercion is okay */
-               /* NB: we do NOT want a RelabelType here */
+               /*
+                * Assume can_coerce_type verified that implicit coercion is okay.
+                *
+                * Note: by returning the unmodified node here, we are saying that
+                * it's OK to treat an UNKNOWN constant as a valid input for a
+                * function accepting ANY or ANYELEMENT.  This should be all right,
+                * since an UNKNOWN value is still a perfectly valid Datum.  However
+                * an UNKNOWN value is definitely *not* an array, and so we mustn't
+                * accept it for ANYARRAY.  (Instead, we will call anyarray_in below,
+                * which will produce an error.)
+                *
+                * HACK: if it's a NULL UNKNOWN constant, return it as-is, same as
+                * before.  This is just to avoid changing the pg_stats view and thus
+                * the expected regression test results in back branches.
+                *
+                * NB: we do NOT want a RelabelType here.
+                */
                return node;
        }
        if (inputTypeId == UNKNOWNOID && IsA(node, Const))