Re: Leakproofness of texteq()/textne()
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Tom Lane <tgl@sss.pgh.pa.us>, Stephen Frost <sfrost@snowman.net>
Cc: Robert Haas <robertmhaas@gmail.com>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2019-09-17T07:17:21Z
Lists: pgsql-hackers
On 2019-09-16 06:24, Tom Lane wrote: > So it seems that the consensus is that it's okay to mark these > functions leakproof, because if any of the errors they throw > are truly reachable for other than data-corruption reasons, > we would wish to try to prevent such errors. (Maybe through > upstream validity checks? Hard to say how we'd do it exactly, > when we don't have an idea what the problem is.) Yeah, it seems like as we expand our Unicode capabilities, we will see more cases like "it could fail here in theory, but it shouldn't happen for normal data", and the answer can't be to call all that untrusted or leaky. It's the job of the database software to sort that out. Obviously, it will require careful evaluation in each case. > My inclination is to do the proleakproof changes in HEAD, but > not touch v12. The inconsistency in leakproof markings in v12 > is annoying but it's not a regression or security hazard, so > I'm thinking it's not worth a late catversion bump to fix. Sounds good, unless we do another catversion bump. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Straighten out leakproofness markings on text comparison functions.
- d9110d7e1481 12.0 landed
- c160b8928c77 13.0 landed