From: "Kevin Grittner" on
Robert Haas <robertmhaas(a)gmail.com> wrote:

> I think the OP is probably running a version that doesn't include
> the Jan 7 commit, which was effectively undone by the Jan 25
> commit for CVS HEAD.

It sure looks like it.

> It looks like this was intentional based on spec behavior
> of overlay(), but should we consider maintaining the historical
> behavior instead?

I know I read through the spec (several versions of it) related to
this issue when I reviewed the patch, and if memory serves the 9.0
behavior is what the spec requires. Obviously that's a behavior
change, so it can't be back-patched. I'm inclined to think the
previous behavior was pretty marginal, and there is certainly a
workaround -- omit the third parameter rather than specifying a
negative number:

SELECT substring(B'1111000000000001' from 5);
substring
--------------
000000000001
(1 row)

SELECT substring(B'1111000000000001' from 4);
substring
---------------
1000000000001
(1 row)

We have maintained nonstandard behavior in the past for
compatibility reasons, so it's a fair question; however, I'm
inclined toward the standard on this one.

-Kevin

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Robert Haas on
On Tue, May 4, 2010 at 10:29 AM, Kevin Grittner
<Kevin.Grittner(a)wicourts.gov> wrote:
> We have maintained nonstandard behavior in the past for
> compatibility reasons, so it's a fair question; however, I'm
> inclined toward the standard on this one.

In a case like this, it seems unlikely that someone would be counting
on a negative value to throw an error, so I tend to regard doing
something else as an extension of the standard rather than a deviation
from it. But I don't have strong feelings about it.

....Robert

From: Tom Lane on
Robert Haas <robertmhaas(a)gmail.com> writes:
> On Tue, May 4, 2010 at 10:29 AM, Kevin Grittner
> <Kevin.Grittner(a)wicourts.gov> wrote:
>> We have maintained nonstandard behavior in the past for
>> compatibility reasons, so it's a fair question; however, I'm
>> inclined toward the standard on this one.

> In a case like this, it seems unlikely that someone would be counting
> on a negative value to throw an error, so I tend to regard doing
> something else as an extension of the standard rather than a deviation
> from it. But I don't have strong feelings about it.

The reason we changed it is that our other versions of substring()
already had the spec-required behavior of throwing error for negative
length. Only the bit/varbit implementation was out of step.

The OP did not state that this behavioral change broke his application,
anyway. I suspect the actual subtext is that he's poking into the
vulnerability report that was issued against the unpatched code.

regards, tom lane

From: "Kevin Grittner" on
Robert Haas <robertmhaas(a)gmail.com> wrote:

> But I don't have strong feelings about it.

Nor do I. Perhaps this question should be floated on -general?

-Kevin

From: Srinivas Naik on
I am sorry for that, but I made two different installations and I was
messing up with various inputs.

Actually, the installed versions are below:
*postgresql-8.3*
*Ubuntu 8.10 with 2.6.27 Kernel*
*and it's a 32-bit O/S*

pgsql$ SELECT substring(B'1111000000000001' from 5 for -2);
ERROR:invalid memory alloc request size 4244635647

I just wanted to know how severe it is and how it can affect the database to
result in memory corruption/DoS.

Please help me in making the point clear.

Thanks again.

On Tue, May 4, 2010 at 8:45 PM, Kevin Grittner
<Kevin.Grittner(a)wicourts.gov> wrote:

> Robert Haas <robertmhaas(a)gmail.com> wrote:
>
> > But I don't have strong feelings about it.
>
> Nor do I. Perhaps this question should be floated on -general?
>
> -Kevin
>
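
Added example, not part of any message in this thread and not PostgreSQL source code: a C sketch of the bounds handling the thread discusses, with a negative length rejected before any size arithmetic and the two-argument form given above as the workaround. The names bit_substring, as_unsigned_size and request_allowed, the status codes, and the ALLOC_CAP value are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define ALLOC_CAP 0x3fffffffu  /* assumed allocator limit for this sketch */

enum { SUB_OK = 0, SUB_NEG_LEN = -1, SUB_NO_SPACE = -2 };

/* A negative 32-bit length read as an unsigned size is a huge request. */
uint32_t as_unsigned_size(int32_t n) { return (uint32_t)n; }
int request_allowed(uint32_t size) { return size <= ALLOC_CAP; }

/*
 * substring(bits FROM start FOR len) over a string of '0'/'1' characters.
 * Positions are 1-based. Pass has_len = 0 for the two-argument form.
 */
int bit_substring(const char *bits, int32_t start, int has_len, int32_t len,
                  char *out, size_t outsz)
{
    int64_t bitlen = (int64_t)strlen(bits);
    int64_t end;                        /* exclusive end position */

    if (has_len) {
        if (len < 0)
            return SUB_NEG_LEN;         /* reject before any size arithmetic */
        end = (int64_t)start + len;     /* 64-bit sum cannot wrap */
    } else {
        end = bitlen + 1;               /* run to the end of the string */
    }

    int64_t s1 = start < 1 ? 1 : start;               /* clamp to the string */
    int64_t e1 = end > bitlen + 1 ? bitlen + 1 : end;
    int64_t count = e1 > s1 ? e1 - s1 : 0;            /* empty if out of range */

    if ((uint64_t)count + 1 > outsz)
        return SUB_NO_SPACE;            /* caller's buffer is too small */
    if (count > 0)
        memcpy(out, bits + (s1 - 1), (size_t)count);
    out[count] = '\0';
    return SUB_OK;
}
```

The size in the reported error, 4244635647, is above 2^31, which is how a negative 32-bit value reads when treated as unsigned; a request that large fails the cap check here instead of reaching the allocator.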