Fix several datatype input functions that were allowing unused bytes in their

results to contain uninitialized, unpredictable values.  While this was okay
as far as the datatypes themselves were concerned, it's a problem for the
parser because occurrences of the "same" literal might not be recognized as
equal by datumIsEqual (and hence not by equal()).  It seems sufficient to fix
this in the input functions since the only critical use of equal() is in the
parser's comparisons of ORDER BY and DISTINCT expressions.
Per a trouble report from Marc Cousin.

Patch all the way back.  Interestingly, array_in did not have the bug before
8.2, which may explain why the issue went unnoticed for so long.

diff --git a/contrib/ltree/ltree_io.c b/contrib/ltree/ltree_io.c
index ff1ace2989bcfdb6f5ccdc109392856bb2d767ca..d94e95012bf34a7d03ff0466d83fcc82c805e1df 100644 (file)
--- a/contrib/ltree/ltree_io.c
+++ b/contrib/ltree/ltree_io.c
@@ -118,7 +118,7 @@ ltree_in(PG_FUNCTION_ARGS)
                                 errmsg("syntax error"),
                                 errdetail("Unexpected end of line.")));
 
-       result = (ltree *) palloc(LTREE_HDRSIZE + totallen);
+       result = (ltree *) palloc0(LTREE_HDRSIZE + totallen);
        result->len = LTREE_HDRSIZE + totallen;
        result->numlevel = lptr - list;
        curlevel = LTREE_FIRST(result);
@@ -208,8 +208,7 @@ lquery_in(PG_FUNCTION_ARGS)
        }
 
        num++;
-       curqlevel = tmpql = (lquery_level *) palloc(ITEMSIZE * num);
-       memset((void *) tmpql, 0, ITEMSIZE * num);
+       curqlevel = tmpql = (lquery_level *) palloc0(ITEMSIZE * num);
        ptr = buf;
        while (*ptr)
        {
@@ -448,7 +447,7 @@ lquery_in(PG_FUNCTION_ARGS)
                curqlevel = NEXTLEV(curqlevel);
        }
 
-       result = (lquery *) palloc(totallen);
+       result = (lquery *) palloc0(totallen);
        result->len = totallen;
        result->numlevel = num;
        result->firstgood = 0;

diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c
index 348dfc42eda025ffa24e2deb1d322e0a8608280a..414a3ae64cb69b9b4506d703db83bc54d7d27384 100644 (file)
--- a/src/backend/utils/adt/arrayfuncs.c
+++ b/src/backend/utils/adt/arrayfuncs.c
@@ -323,7 +323,7 @@ array_in(PG_FUNCTION_ARGS)
                dataoffset = 0;                 /* marker for no null bitmap */
                nbytes += ARR_OVERHEAD_NONULLS(ndim);
        }
-       retval = (ArrayType *) palloc(nbytes);
+       retval = (ArrayType *) palloc0(nbytes);
        retval->size = nbytes;
        retval->ndim = ndim;
        retval->dataoffset = dataoffset;

diff --git a/src/backend/utils/adt/geo_ops.c b/src/backend/utils/adt/geo_ops.c
index b3744587af66f3d937f74e5b85b210af8ca19b40..238fa2352bf83dd091f91d8df008b9abb55386ef 100644 (file)
--- a/src/backend/utils/adt/geo_ops.c
+++ b/src/backend/utils/adt/geo_ops.c
@@ -1425,6 +1425,8 @@ path_in(PG_FUNCTION_ARGS)
                                 errmsg("invalid input syntax for type path: \"%s\"", str)));
 
        path->closed = (!isopen);
+       /* prevent instability in unused pad bytes */
+       path->dummy = 0;
 
        PG_RETURN_PATH_P(path);
 }