Movatterモバイル変換

Fix handling of unknown-type arguments inDISTINCT"any" aggregate functions (Tom Lane)

This error led to atext-type value being interpreted as anunknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following thetext value.

ThePostgreSQL Project thanks Jingzhou Fu for reporting this problem. (CVE-2023-5868)

Detect integer overflow while computing new array dimensions (Tom Lane)

When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory.

ThePostgreSQL Project thanks Pedro Gallegos for reporting this problem. (CVE-2023-5869)

Prevent thepg_signal_backend role from signalling background workers and autovacuum processes (Noah Misch, Jelte Fennema-Nio)

The documentation says thatpg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable.

Also ensure that theis_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions.

ThePostgreSQL Project thanks Hemanth Sandrana and Mahendrakar Srinivasarao for reporting this problem. (CVE-2023-5870)

Fix partition step generation and runtime partition pruning for hash-partitioned tables with multiple partition keys (David Rowley)

Some cases involving anIS NULL condition on one of the partition keys could result in a crash.

Fix edge case in btree mark/restore processing of ScalarArrayOpExpr clauses (Peter Geoghegan)

When restoring an indexscan to a previously marked position, the code could miss required setup steps if the scan had advanced exactly to the end of the matches for a ScalarArrayOpExpr (that is, anindexcol = ANY(ARRAY[])) clause. This could result in missing some rows that should have been fetched.

Fix intra-query memory leak when a set-returning function repeatedly returns zero rows (Tom Lane)

Don't crash ifcursor_to_xmlschema() is applied to a non-data-returning Portal (Boyu Yang)

Handle invalid indexes more cleanly in assorted SQL functions (Noah Misch)

Report an error ifpgstatindex(),pgstatginindex(),pgstathashindex(), orpgstattuple() is applied to an invalid index. Ifbrin_desummarize_range(),brin_summarize_new_values(),brin_summarize_range(), orgin_clean_pending_list() is applied to an invalid index, do nothing except to report a debug-level message. Formerly these functions attempted to process the index, and might fail in strange ways depending on what the failedCREATE INDEX had left behind.

Avoid premature memory allocation failure with long inputs toto_tsvector() (Tom Lane)

Fix over-allocation of the constructedtsvector intsvectorrecv() (Denis Erokhin)

If the incoming vector includes position data, the binary receive function left wasted space (roughly equal to the size of the position data) in the finishedtsvector. In extreme cases this could lead to“maximum total lexeme length exceeded” failures for vectors that were under the length limit when emitted. In any case it could lead to wasted space on-disk.

Fix incorrect coding ingtsvector_picksplit() (Alexander Lakhin)

This could lead to poor page-split decisions in GiST indexes ontsvector columns.

Ensure we have a snapshot while droppingON COMMIT DROP temp tables (Tom Lane)

This prevents possible misbehavior if any catalog entries for the temp tables have fields wide enough to require toasting (such as a very complexCHECK condition).

Avoid improper response to shutdown signals in child processes just forked bysystem() (Nathan Bossart)

This fix avoids a race condition in which a child process that has been forked off bysystem(), but hasn't yet exec'd the intended child program, might receive and act on a signal intended for the parent server process. That would lead to duplicate cleanup actions being performed, which will not end well.

Avoid torn reads ofpg_control in relevant SQL functions (Thomas Munro)

Acquire the appropriate lock before readingpg_control, to ensure we get a consistent view of that file.

Track the dependencies of cachedCALL statements, and re-plan them when needed (Tom Lane)

DDL commands, such as replacement of a function that has been inlined into aCALL argument, can create the need to re-plan aCALL that has been cached by PL/pgSQL. That was not happening, leading to misbehavior or strange errors such as“cache lookup failed”.

Track nesting depth correctly when inspectingRECORD-type Vars from outer query levels (Richard Guo)

This oversight could lead to assertion failures, core dumps, or“bogus varno” errors.

Avoid“record type has not been registered” failure when deparsing a view that contains references to fields of composite constants (Tom Lane)

Allow extracting fields from aRECORD-typeROW() expression (Tom Lane)

SQL code that knows that we name such fieldsf1,f2, etc can use those names to extract fields from the expression. This change was originally made in version 13, and is now being back-patched into older branches to support tests for a related bug.

Fix error-handling bug inRECORD type cache management (Thomas Munro)

An out-of-memory error occurring at just the wrong point could leave behind inconsistent state that would lead to an infinite loop.

Fix assertion failure when logical decoding is retried in the same session after an error (Hou Zhijie)

Avoid doing plan cache revalidation of utility statements that do not receive interesting processing during parse analysis (Tom Lane)

Aside from saving a few cycles, this prevents failure after a cache invalidation for statements that must not set a snapshot, such asSET TRANSACTION ISOLATION LEVEL.

Keep by-referenceattmissingval values in a long-lived context while they are being used (Andrew Dunstan)

This avoids possible use of dangling pointers when a tuple slot outlives the tuple descriptor with which its value was constructed.

Recalculate the effective value ofsearch_path afterALTER ROLE (Jeff Davis)

This ensures that after renaming a role, the meaning of the special string$user is re-determined.

Fix order of operations inGenericXLogFinish (Jeff Davis)

This code violated the conditions required for crash safety by writing WAL before marking changed buffers dirty. No core code uses this function, but extensions do (contrib/bloom does, for example).

Remove incorrect assertion in PL/Python exception handling (Alexander Lakhin)

Fixpg_restore so that selective restores will include both table-level and column-level ACLs for selected tables (Euler Taveira, Tom Lane)

Formerly, only the table-level ACL would get restored if both types were present.

Avoid generating invalid temporary slot names inpg_basebackup (Jelte Fennema)

This has only been seen to occur when the server connection runs throughpgbouncer.

Incontrib/amcheck, do not report interrupted page deletion as corruption (Noah Misch)

This fix prevents false-positive reports of“the first child of leftmost target page is not leftmost of its level”,“block NNNN is not leftmost” or“left link/right link pair in index XXXX not in agreement”. They appeared ifamcheck ran after an unfinished btree index page deletion and beforeVACUUM had cleaned things up.

Fix failure ofcontrib/btree_gin indexes oninterval columns, when an indexscan using the< or<= operator is performed (Dean Rasheed)

Such an indexscan failed to return all the entries it should.

Suppress assorted build-time warnings on recentmacOS (Tom Lane)

Xcode 15 (released withmacOS Sonoma) changed the linker's behavior in a way that causes many duplicate-library warnings while buildingPostgreSQL. These were harmless, but they're annoying so avoid citing the same libraries twice. Also remove use of the-multiply_defined suppress linker switch, which apparently has been a no-op for a long time, and is now actively complained of.

RemovePHOT (Phoenix Islands Time) from the default timezone abbreviations list (Tom Lane)

Presence of this abbreviation in the default list can cause failures on recent Debian and Ubuntu releases, as they no longer install the underlying tzdb entry by default. Since this is a made-up abbreviation for a zone with a total human population of about two dozen, it seems unlikely that anyone will miss it. If someone does, they can put it back via a custom abbreviations file.