diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2020-07-25 12:54:58 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2020-07-25 12:54:58 -0400 |
| commit | 8a37951eebffd9bf528cb06d46127fb721d0e452 (patch) | |
| tree | 230acdc60009aedc997aa8548a5841cc7ec00f3c /src/backend/utils/adt/pgstatfuncs.c | |
| parent | 2a2494229a709b880a6db82d8b267017fccf671f (diff) | |
| download | postgresql-8a37951eebffd9bf528cb06d46127fb721d0e452.tar.gz postgresql-8a37951eebffd9bf528cb06d46127fb721d0e452.zip | |
Mark built-in coercion functions as leakproof where possible.
Making these leakproof seems helpful since (for example) if you have a
function f(int8) that is leakproof, you don't want it to effectively
become non-leakproof when you apply it to an int4 or int2 column.
But that's what happens today, since the implicit up-coercion will
not be leakproof.
Most of the coercion functions that visibly can't throw errors are
functions that convert numeric datatypes to other, wider ones.
Notable is that float4_numeric and float8_numeric can be marked
leakproof; before commit a57d312a7 they could not have been.
I also marked the functions that coerce strings to "name" as leakproof;
that's okay today because they truncate silently, but if we ever
reconsidered that behavior then they could no longer be leakproof.
I desisted from marking rtrim1() as leakproof; it appears so right now,
but the code seems a little too complex and perhaps subject to change,
since it's shared with other SQL functions.
Discussion: https://postgr.es/m/459322.1595607431@sss.pgh.pa.us
Diffstat (limited to 'src/backend/utils/adt/pgstatfuncs.c')
0 files changed, 0 insertions, 0 deletions