Re: bytea(uuid) missing proleakproof?
Chao Li <li.evan.chao@gmail.com>
From: Chao Li <li.evan.chao@gmail.com>
To: PostgreSQL-development <pgsql-hackers@postgresql.org>
Cc: Masahiko Sawada <sawada.mshk@gmail.com>, Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>, Aleksander Alekseev <aleksander@tigerdata.com>
Date: 2026-06-24T07:47:36Z
Lists: pgsql-hackers
> On Jun 22, 2026, at 11:59, Chao Li <li.evan.chao@gmail.com> wrote: > > Hi, > > While testing "[ba21f5bf8] Allow explicit casting between bytea and uuid", I noticed that the new proc bytea(uuid) is not marked as proleakproof, while the other functions in the group, bytea(int2), bytea(int4), and bytea(int8), are all marked as proleakproof. > > Looking into the backend function uuid_bytea(), it just returns uuid_send(fcinfo). For a valid uuid datum, uuid_send() only copies the UUID value into a bytea result, so I don't see an input-dependent error path or other reason not to mark bytea(uuid) as proleakproof. > > This matters for security barrier planning, because a qual using uuid::bytea is otherwise treated as leaky and cannot be pushed down. Attached is a tiny patch to fix that. > > I didn't mark uuid_send() itself as proleakproof because none of send/receive functions are marked as proleakproof in pg_proc.dat. > > Best regards, > -- > Chao Li (Evan) > HighGo Software Co., Ltd. > https://www.highgo.com/ > > > > > <v1-0001-Mark-uuid-to-bytea-cast-as-leakproof.patch> I just added this to the v19 open item list. Please feel free to reject it if it’s not considered an issue. Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/
Commits
-
Mark uuid-to-bytea cast as leakproof.
- 6468f7a853c3 19 (unreleased) landed