Re: Leakproofness of texteq()/textne()
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Stephen Frost <sfrost@snowman.net>, Robert Haas <robertmhaas@gmail.com>,
PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2019-09-17T17:00:09Z
Lists: pgsql-hackers
Attachments
- varstr_cmp-is-leakproof-1.patch (text/x-diff) patch
Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes: > On 2019-09-16 06:24, Tom Lane wrote: >> So it seems that the consensus is that it's okay to mark these >> functions leakproof, because if any of the errors they throw >> are truly reachable for other than data-corruption reasons, >> we would wish to try to prevent such errors. (Maybe through >> upstream validity checks? Hard to say how we'd do it exactly, >> when we don't have an idea what the problem is.) > Yeah, it seems like as we expand our Unicode capabilities, we will see > more cases like "it could fail here in theory, but it shouldn't happen > for normal data", and the answer can't be to call all that untrusted or > leaky. It's the job of the database software to sort that out. > Obviously, it will require careful evaluation in each case. Here's a proposed patch to mark functions that depend on varstr_cmp as leakproof. I think we can apply this to HEAD and then close the open item as "won't fix for v12". regards, tom lane
Commits
-
Straighten out leakproofness markings on text comparison functions.
- d9110d7e1481 12.0 landed
- c160b8928c77 13.0 landed