From: Tom Lane Date: Fri, 11 Apr 2008 22:53:06 +0000 (+0000) Subject: Fix several datatype input functions that were allowing unused bytes in their X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=2d93f0bb5854dfcb286a91d134388e7e0a29b20e;p=users%2Fbernd%2Fpostgres.git Fix several datatype input functions that were allowing unused bytes in their results to contain uninitialized, unpredictable values. While this was okay as far as the datatypes themselves were concerned, it's a problem for the parser because occurrences of the "same" literal might not be recognized as equal by datumIsEqual (and hence not by equal()). It seems sufficient to fix this in the input functions since the only critical use of equal() is in the parser's comparisons of ORDER BY and DISTINCT expressions. Per a trouble report from Marc Cousin. Patch all the way back. Interestingly, array_in did not have the bug before 8.2, which may explain why the issue went unnoticed for so long. --- diff --git a/contrib/ltree/ltree_io.c b/contrib/ltree/ltree_io.c index ff1ace2989..d94e95012b 100644 --- a/contrib/ltree/ltree_io.c +++ b/contrib/ltree/ltree_io.c @@ -118,7 +118,7 @@ ltree_in(PG_FUNCTION_ARGS) errmsg("syntax error"), errdetail("Unexpected end of line."))); - result = (ltree *) palloc(LTREE_HDRSIZE + totallen); + result = (ltree *) palloc0(LTREE_HDRSIZE + totallen); result->len = LTREE_HDRSIZE + totallen; result->numlevel = lptr - list; curlevel = LTREE_FIRST(result); @@ -208,8 +208,7 @@ lquery_in(PG_FUNCTION_ARGS) } num++; - curqlevel = tmpql = (lquery_level *) palloc(ITEMSIZE * num); - memset((void *) tmpql, 0, ITEMSIZE * num); + curqlevel = tmpql = (lquery_level *) palloc0(ITEMSIZE * num); ptr = buf; while (*ptr) { @@ -448,7 +447,7 @@ lquery_in(PG_FUNCTION_ARGS) curqlevel = NEXTLEV(curqlevel); } - result = (lquery *) palloc(totallen); + result = (lquery *) palloc0(totallen); result->len = totallen; result->numlevel = num; result->firstgood = 0; diff --git a/src/backend/utils/adt/arrayfuncs.c b/src/backend/utils/adt/arrayfuncs.c index 348dfc42ed..414a3ae64c 100644 --- a/src/backend/utils/adt/arrayfuncs.c +++ b/src/backend/utils/adt/arrayfuncs.c @@ -323,7 +323,7 @@ array_in(PG_FUNCTION_ARGS) dataoffset = 0; /* marker for no null bitmap */ nbytes += ARR_OVERHEAD_NONULLS(ndim); } - retval = (ArrayType *) palloc(nbytes); + retval = (ArrayType *) palloc0(nbytes); retval->size = nbytes; retval->ndim = ndim; retval->dataoffset = dataoffset; diff --git a/src/backend/utils/adt/geo_ops.c b/src/backend/utils/adt/geo_ops.c index b3744587af..238fa2352b 100644 --- a/src/backend/utils/adt/geo_ops.c +++ b/src/backend/utils/adt/geo_ops.c @@ -1425,6 +1425,8 @@ path_in(PG_FUNCTION_ARGS) errmsg("invalid input syntax for type path: \"%s\"", str))); path->closed = (!isopen); + /* prevent instability in unused pad bytes */ + path->dummy = 0; PG_RETURN_PATH_P(path); }