Tom Lane [Thu, 27 Jan 2011 22:41:41 +0000 (17:41 -0500)]
Prevent buffer overrun while parsing an integer in a "query_int" value.
contrib/intarray's gettoken() uses a fixed-size buffer to collect an
integer's digits, and did not guard against overrunning the buffer.
This is at least a backend crash risk, and in principle might allow
arbitrary code execution. The code didn't check for overflow of the
integer value either, which while not presenting a crash risk was still
bad.
Thanks to Apple Inc's security team for reporting this issue and supplying
the fix.
Tom Lane [Thu, 27 Jan 2011 21:27:27 +0000 (16:27 -0500)]
Don't include <asm/ia64regs.h> unnecessarily.
We only need that header when compiling with icc, since the gcc variant of
ia64_get_bsp() uses in-line assembly code. Per report from Frank Brendel,
the header doesn't exist on all IA64 platforms; so don't include it unless
we need it.
Robert Haas [Thu, 27 Jan 2011 13:35:34 +0000 (08:35 -0500)]
Restore ALTER TABLE .. ADD COLUMN w/DEFAULT restriction.
This reverts commit a06e41deebdf74b8b5109329dc75b2e9d9057962 of 2011-01-26.
Per discussion, this behavior is not wanted, as it would need to change if
we ever made composite types support DEFAULT.
Tom Lane [Thu, 27 Jan 2011 00:33:50 +0000 (19:33 -0500)]
Change inv_truncate() to not repeat its systable_getnext_ordered() scan.
In the case where the initial call of systable_getnext_ordered() returned
NULL, this function would nonetheless call it again. That's undefined
behavior that only by chance failed to not give visibly incorrect results.
Put an if-test around the final loop to prevent that, and in passing
improve some comments. No back-patch since there's no actual failure.
Peter Eisentraut [Wed, 26 Jan 2011 23:03:55 +0000 (01:03 +0200)]
autoreconf
Synchronize pg_config.h.in with configure.in (someone must have
forgotten to run autoheader or autoreconf), and clean up some spurious
change in configure introduced by the last commit there.
Peter Eisentraut [Wed, 26 Jan 2011 22:47:14 +0000 (00:47 +0200)]
Improve exception usage in PL/Python
Use the built-in TypeError, not SPIError, for errors having to do with
argument counts or types. Use SPIError, not simply plpy.Error, for
errors in PLy_spi_execute_plan. Finally, do not set a Python
exception if PyArg_ParseTuple failed, as it already sets the correct
exception.
Robert Haas [Wed, 26 Jan 2011 11:23:23 +0000 (06:23 -0500)]
Remove arbitrary ALTER TABLE .. ADD COLUMN restriction.
The previous coding prevented ALTER TABLE .. ADD COLUMN from being used
with a non-NULL default in situations where the table's rowtype was being
used elsewhere. But this is a completely arbitrary restriction since
you could do the same operation in multiple steps (add the column, add
the default, update the table).
Inspired by a patch from Noah Misch, though I didn't use his code.
Bruce Momjian [Wed, 26 Jan 2011 03:18:24 +0000 (22:18 -0500)]
Adjust pg_test_fsync to always do XLOG_BLCKSZ-sized writes, rather than
always 8k writes, per suggestion from Tom. Also adjust open_sync output
layout.
Tom Lane [Tue, 25 Jan 2011 22:51:59 +0000 (17:51 -0500)]
Replace pg_class.relhasexclusion with pg_index.indisexclusion.
There isn't any need to track this state on a table-wide basis, and trying
to do so introduces undesirable semantic fuzziness. Move the flag to
pg_index, where it clearly describes just a single index and can be
immutable after index creation.
Tom Lane [Tue, 25 Jan 2011 20:42:03 +0000 (15:42 -0500)]
Implement ALTER TABLE ADD UNIQUE/PRIMARY KEY USING INDEX.
This feature allows a unique or pkey constraint to be created using an
already-existing unique index. While the constraint isn't very
functionally different from the bare index, it's nice to be able to do that
for documentation purposes. The main advantage over just issuing a plain
ALTER TABLE ADD UNIQUE/PRIMARY KEY is that the index can be created with
CREATE INDEX CONCURRENTLY, so that there is not a long interval where the
table is locked against updates.
On the way, refactor some of the code in DefineIndex() and index_create()
so that we don't have to pass through those functions in order to create
the index constraint's catalog entries. Also, in parse_utilcmd.c, pass
around the ParseState pointer in struct CreateStmtContext to save on
notation, and add error location pointers to some error reports that didn't
have one before.
Gurjeet Singh, reviewed by Steve Singer and Tom Lane
Robert Haas [Mon, 24 Jan 2011 01:44:48 +0000 (20:44 -0500)]
sepgsql, an SE-Linux integration for PostgreSQL
This is still pretty rough - among other things, the documentation
needs work, and the messages need a visit from the style police -
but this gets the basic framework in place.
Magnus Hagander [Sun, 23 Jan 2011 22:39:18 +0000 (23:39 +0100)]
Make walsender options order-independent
While doing this, also move base backup options into
a struct instead of increasing the number of parameters
to multiple functions for each new option.
Add 'directory' format to pg_dump. The new directory format is compatible
with the 'tar' format, in that untarring a tar format archive produces a
valid directory format archive.
Tom Lane [Sun, 23 Jan 2011 19:26:51 +0000 (14:26 -0500)]
Fix another portability issue in pg_basebackup.
The target of sscanf with a %o format had better be of integer width,
but "mode_t" conceivably isn't that. Another compiler warning seen
only on some platforms; this one I think is potentially a real bug
and not just a warning.
Tom Lane [Sun, 23 Jan 2011 19:13:46 +0000 (14:13 -0500)]
Improve getObjectDescription's display of pg_amop and pg_amproc entries.
Include the lefttype/righttype columns explicitly (instead of assuming
the reader can deduce them from the operator or function description),
and move the operator or function description to the end of the string,
to make it clearer that it's a referenced object and not the amop or
amproc item itself. Per extensive discussion of Andreas Karlsson's
original patch.
Tom Lane [Sun, 23 Jan 2011 18:12:55 +0000 (13:12 -0500)]
Revert "Factor out functions responsible for caching I/O routines".
This reverts commit 740e54ca84c437fd67524f97a3ea9ddea752e208, which seems
to have tickled an optimization bug in gcc 4.5.x, as reported upstream at
https://bugzilla.redhat.com/show_bug.cgi?id=671899
Since this patch had no purpose beyond code beautification, it's not
worth expending a lot of effort to look for another workaround.
Magnus Hagander [Sun, 23 Jan 2011 11:21:23 +0000 (12:21 +0100)]
Add pg_basebackup tool for streaming base backups
This tool makes it possible to do the pg_start_backup/
copy files/pg_stop_backup step in a single command.
There are still some steps to be done before this is a
complete backup solution, such as the ability to stream
the required WAL logs, but it's still usable, and
could do with some buildfarm coverage.
In passing, make the checkpoint request optionally
fast instead of hardcoding it.
Magnus Hagander, reviewed by Fujii Masao and Dimitri Fontaine
Robert Haas [Sun, 23 Jan 2011 01:51:32 +0000 (20:51 -0500)]
Code cleanup for assign_transaction_read_only.
As in commit fb4c5d2798730f60b102d775f22fb53c26a6445d on 2011-01-21,
this avoids spurious debug messages and allows idempotent changes at
any time. Along the way, make assign_XactIsoLevel allow idempotent
changes even when not within a subtransaction, to be consistent with
the new coding of assign_transaction_read_only and because there's
no compelling reason to do otherwise.
Tom Lane [Sun, 23 Jan 2011 01:43:54 +0000 (20:43 -0500)]
Quick hack to un-break plpython regression tests.
It's not clear to me what should happen to the other plpython_unicode
variant expected files, but this patch gets things passing on my own
machines and at least some of the buildfarm.
Tom Lane [Sun, 23 Jan 2011 01:31:24 +0000 (20:31 -0500)]
Allow the wal_buffers setting to be auto-tuned to a reasonable value.
If wal_buffers is initially set to -1 (which is now the default), it's
replaced by 1/32nd of shared_buffers, with a minimum of 8 (the old default)
and a maximum of the XLOG segment size. The allowed range for manual
settings is still from 4 up to whatever will fit in shared memory.
Tom Lane [Sat, 22 Jan 2011 23:01:31 +0000 (18:01 -0500)]
Suppress "control reaches end of non-void function" warning from gcc 4.5.
Not sure why I'm seeing this on Fedora 14 and not earlier versions.
Seems like a regression that gcc no longer knows that DIE() doesn't return.
Still, adding a dummy return is harmless enough.
Tom Lane [Sat, 22 Jan 2011 22:56:42 +0000 (17:56 -0500)]
Suppress possibly-uninitialized-variable warnings from gcc 4.5.
It appears that gcc 4.5 can issue such warnings for whole structs, not
just scalar variables as in the past. Refactor some pg_dump code slightly
so that the OutputContext local variables are always initialized, even
if they won't be used. It's cheap enough to not be worth worrying about.
Peter Eisentraut [Sat, 22 Jan 2011 20:08:51 +0000 (22:08 +0200)]
Get rid of the global variable holding the error state
Global error handling led to confusion and was hard to manage. With
this change, errors from PostgreSQL are immediately reported to Python
as exceptions. This requires setting a Python exception after
reporting the caught PostgreSQL error as a warning, because PLy_elog
destroys the Python exception state.
Ideally, all places where PostgreSQL errors need to be reported back
to Python should be wrapped in subtransactions, to make going back to
Python from a longjmp safe. This will be handled in a separate patch.
Tom Lane [Sat, 22 Jan 2011 20:01:26 +0000 (15:01 -0500)]
More pg_test_fsync fixups.
Reduce #includes to minimum actually needed; in particular include
postgres_fe.h not postgres.h, so as to stop build failures on some
platforms.
Use get_progname() instead of hardwired program name; improve error
checking for command line syntax; bring error messages into line with
style guidelines; include strerror result in die() cases.
Robert Haas [Sat, 22 Jan 2011 02:49:19 +0000 (21:49 -0500)]
Code cleanup for assign_XactIsoLevel.
The new coding avoids a spurious debug message when a transaction
that has changed the isolation level has been rolled back. It also
allows the property to be freely changed to the current value within
a subtransaction.
Tom Lane [Sat, 22 Jan 2011 00:44:53 +0000 (19:44 -0500)]
More pg_test_fsync cleanup.
Un-break Windows build (I hope) by making the HAVE_FSYNC_WRITETHROUGH
code match the backend. Fix incorrect program help message. static-ize
all functions.
Tom Lane [Sat, 22 Jan 2011 00:27:25 +0000 (19:27 -0500)]
Clean up pg_test_fsync commit.
Actually rename the program, rather than just claiming we did. Hook it
into the build system. Get rid of useless dependency on libpq. Clean up
#include list and messy whitespace.
Peter Eisentraut [Fri, 21 Jan 2011 21:46:56 +0000 (23:46 +0200)]
Correctly add exceptions to the plpy module for Python 3
The way the exception types where added to the module was wrong for
Python 3. Exception classes were not actually available from plpy.
Fix that by factoring out code that is responsible for defining new
Python exceptions and make it work with Python 3. New regression test
makes sure the plpy module has the expected contents.
Don't require usage privileges on the foreign data wrapper when creating a
foreign table. We check for usage privileges on the foreign server, that ought
to be enough.
Peter Eisentraut [Tue, 18 Jan 2011 21:39:09 +0000 (23:39 +0200)]
Skip dropped attributes when converting Python objects to tuples
Pay attention to the attisdropped field and skip over TupleDesc fields
that have it set. Not a real problem until we get table returning
functions, but it's the right thing to do anyway.
Peter Eisentraut [Tue, 18 Jan 2011 21:22:37 +0000 (23:22 +0200)]
Fix an error when a set-returning function fails halfway through the execution
If the function using yield to return rows fails halfway, the iterator
stays open and subsequent calls to the function will resume reading
from it. The fix is to unref the iterator and set it to NULL if there
has been an error.
Tom Lane [Tue, 18 Jan 2011 19:09:22 +0000 (14:09 -0500)]
Avoid detoast in texteq/textne/byteaeq/byteane for unequal-length strings.
We can get the length of a compressed or out-of-line datum without actually
detoasting it. If the lengths of two strings are unequal, we can then
conclude they are unequal without detoasting. That saves considerable work
in an admittedly less-common case, without costing anything much when the
optimization doesn't apply.
Peter Eisentraut [Mon, 17 Jan 2011 19:46:36 +0000 (21:46 +0200)]
Use HTABs instead of Python dictionary objects to cache procedures
Two separate hash tables are used for regular procedures and for
trigger procedures, since the way trigger procedures work is quite
different from normal stored procedures. Change the signatures of
PLy_procedure_{get,create} to accept the function OID and a Boolean
flag indicating whether it's a trigger. This should make implementing
a PL/Python validator easier.
Using HTABs instead of Python dictionaries makes error recovery
easier, and allows for procedures to be cached based on their OIDs,
not their names. It also allows getting rid of the PyCObject field
that used to hold a pointer to PLyProcedure, since PyCObjects are
deprecated in Python 2.7 and replaced by Capsules in Python 3.
Tom Lane [Mon, 17 Jan 2011 17:38:52 +0000 (12:38 -0500)]
Fix miscalculation of itemsafter in array_set_slice().
If the slice to be assigned to was before the existing array lower bound
(requiring at least one null element to spring into existence to fill the
gap), the code miscalculated how many entries needed to be copied from
the old array's null bitmap. This could result in trashing the array's
data area (as seen in bug #5840 from Karsten Loesing), or worse.
This has been broken since we first allowed the behavior of assigning to
non-adjacent slices, in 8.2. Back-patch to all affected versions.