Diffstat (limited to 'src')
-rw-r--r--src/backend/utils/adt/acl.c47
-rw-r--r--src/backend/utils/adt/varlena.c52
-rw-r--r--src/include/utils/acl.h25
-rw-r--r--src/pl/plpgsql/src/pl_exec.c49
4 files changed, 102 insertions, 71 deletions
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
index a1080b59f60..9282c417d01 100644
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.128 2005/11/17 22:14:52 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/acl.c,v 1.129 2005/11/18 02:38:23 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -67,6 +67,7 @@ static List *cached_membership_roles = NIL;
static const char *getid(const char *s, char *n);
static void putid(char *p, const char *s);
static Acl *allocacl(int n);
+static void check_acl(const Acl *acl);
static const char *aclparse(const char *s, AclItem *aip);
static bool aclitem_match(const AclItem *a1, const AclItem *a2);
static void check_circularity(const Acl *old_acl, const AclItem *mod_aip,
@@ -360,6 +361,26 @@ allocacl(int n)
}
/*
+ * Verify that an ACL array is acceptable (one-dimensional and has no nulls)
+ */
+static void
+check_acl(const Acl *acl)
+{
+ if (ARR_ELEMTYPE(acl) != ACLITEMOID)
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("ACL array contains wrong datatype")));
+ if (ARR_NDIM(acl) != 1)
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("ACL arrays must be one-dimensional")));
+ if (ARR_HASNULL(acl))
+ ereport(ERROR,
+ (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
+ errmsg("ACL arrays must not contain nulls")));
+}
+
+/*
* aclitemin
* Allocates storage for, and fills in, a new AclItem given a string
* 's' that contains an ACL specification. See aclparse for details.
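Review bot: The header comment on check_acl names only two of the three conditions the function enforces; the first test, `ARR_ELEMTYPE(acl) != ACLITEMOID`, is not mentioned. I would word it as `* Verify that an ACL array is acceptable (aclitem elements, one-dimensional, and has no nulls)`. The comment should also say that a failed check is reported with ereport(ERROR) rather than a return value, since the `void` signature alone does not tell a caller how rejection is signalled.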
@@ -612,15 +633,8 @@ aclupdate(const Acl *old_acl, const AclItem *mod_aip,
int dst,
num;
- /* These checks for null input are probably dead code, but... */
- if (!old_acl || ACL_NUM(old_acl) < 0)
- old_acl = allocacl(0);
- if (!mod_aip)
- {
- new_acl = allocacl(ACL_NUM(old_acl));
- memcpy(new_acl, old_acl, ACL_SIZE(old_acl));
- return new_acl;
- }
+ /* Caller probably already checked old_acl, but be safe */
+ check_acl(old_acl);
/* If granting grant options, check for circularity */
if (modechg != ACL_MODECHG_DEL &&
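Review bot: The removed block was the only place where aclupdate tolerated a NULL `old_acl` or a NULL `mod_aip`. Its replacement, `check_acl(old_acl)`, inspects the array header immediately, so a NULL `old_acl` would presumably be dereferenced instead of being treated as an empty ACL. If every caller is guaranteed to pass non-NULL pointers, the new comment should say so. Otherwise make the guard explicit the way aclmask does, with `if (old_acl == NULL) elog(ERROR, "null ACL");` ahead of the call. The same question applies to the check_acl calls added in aclnewowner, check_circularity and recursive_revoke, where no NULL test is visible in their hunks. aclupdate's body starts and ends outside this hunk.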
@@ -740,6 +754,8 @@ aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
targ,
num;
+ check_acl(old_acl);
+
/*
* Make a copy of the given ACL, substituting new owner ID for old
* wherever it appears as either grantor or grantee. Also note if the new
@@ -836,6 +852,8 @@ check_circularity(const Acl *old_acl, const AclItem *mod_aip,
num;
AclMode own_privs;
+ check_acl(old_acl);
+
/*
* For now, grant options can only be granted to roles, not PUBLIC.
* Otherwise we'd have to work a bit harder here.
@@ -916,6 +934,8 @@ recursive_revoke(Acl *acl,
int i,
num;
+ check_acl(acl);
+
/* The owner can never truly lose grant options, so short-circuit */
if (grantee == ownerId)
return acl;
@@ -1005,6 +1025,8 @@ aclmask(const Acl *acl, Oid roleid, Oid ownerId,
if (acl == NULL)
elog(ERROR, "null ACL");
+ check_acl(acl);
+
/* Quick exit for mask == 0 */
if (mask == 0)
return 0;
@@ -1091,6 +1113,8 @@ aclmask_direct(const Acl *acl, Oid roleid, Oid ownerId,
if (acl == NULL)
elog(ERROR, "null ACL");
+ check_acl(acl);
+
/* Quick exit for mask == 0 */
if (mask == 0)
return 0;
@@ -1151,6 +1175,8 @@ aclmembers(const Acl *acl, Oid **roleids)
return 0;
}
+ check_acl(acl);
+
/* Allocate the worst-case space requirement */
list = palloc(ACL_NUM(acl) * 2 * sizeof(Oid));
acldat = ACL_DAT(acl);
@@ -1240,6 +1266,7 @@ aclcontains(PG_FUNCTION_ARGS)
int i,
num;
+ check_acl(acl);
num = ACL_NUM(acl);
aidat = ACL_DAT(acl);
for (i = 0; i < num; ++i)
diff --git a/src/backend/utils/adt/varlena.c b/src/backend/utils/adt/varlena.c
index 1f6c176f640..dd877c7d3f0 100644
--- a/src/backend/utils/adt/varlena.c
+++ b/src/backend/utils/adt/varlena.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/adt/varlena.c,v 1.139 2005/10/29 00:31:51 petere Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/adt/varlena.c,v 1.140 2005/11/18 02:38:23 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -2491,16 +2491,18 @@ array_to_text(PG_FUNCTION_ARGS)
int nitems,
*dims,
ndims;
- char *p;
Oid element_type;
int typlen;
bool typbyval;
char typalign;
StringInfo result_str = makeStringInfo();
+ bool printed = false;
+ char *p;
+ bits8 *bitmap;
+ int bitmask;
int i;
ArrayMetaState *my_extra;
- p = ARR_DATA_PTR(v);
ndims = ARR_NDIM(v);
dims = ARR_DIMS(v);
nitems = ArrayGetNItems(ndims, dims);
@@ -2522,7 +2524,7 @@ array_to_text(PG_FUNCTION_ARGS)
fcinfo->flinfo->fn_extra = MemoryContextAlloc(fcinfo->flinfo->fn_mcxt,
sizeof(ArrayMetaState));
my_extra = (ArrayMetaState *) fcinfo->flinfo->fn_extra;
- my_extra->element_type = InvalidOid;
+ my_extra->element_type = ~element_type;
}
if (my_extra->element_type != element_type)
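Review bot: The new initial value `~element_type` in the allocation branch has no comment, and its purpose is not obvious next to the `InvalidOid` it replaces. It appears to guarantee that the `my_extra->element_type != element_type` test that follows is true on the first call whatever the array's element type is, so the cached type data is always filled in before use. A one-line comment such as `/* force a mismatch so the element type info is looked up on first use */` would record that. array_to_text starts and ends outside this hunk.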
@@ -2542,23 +2544,47 @@ array_to_text(PG_FUNCTION_ARGS)
typbyval = my_extra->typbyval;
typalign = my_extra->typalign;
+ p = ARR_DATA_PTR(v);
+ bitmap = ARR_NULLBITMAP(v);
+ bitmask = 1;
+
for (i = 0; i < nitems; i++)
{
Datum itemvalue;
char *value;
- itemvalue = fetch_att(p, typbyval, typlen);
+ /* Get source element, checking for NULL */
+ if (bitmap && (*bitmap & bitmask) == 0)
+ {
+ /* we ignore nulls */
+ }
+ else
+ {
+ itemvalue = fetch_att(p, typbyval, typlen);
- value = DatumGetCString(FunctionCall1(&my_extra->proc,
- itemvalue));
+ value = DatumGetCString(FunctionCall1(&my_extra->proc,
+ itemvalue));
- if (i > 0)
- appendStringInfo(result_str, "%s%s", fldsep, value);
- else
- appendStringInfoString(result_str, value);
+ if (printed)
+ appendStringInfo(result_str, "%s%s", fldsep, value);
+ else
+ appendStringInfoString(result_str, value);
+ printed = true;
+
+ p = att_addlength(p, typlen, PointerGetDatum(p));
+ p = (char *) att_align(p, typalign);
+ }
- p = att_addlength(p, typlen, PointerGetDatum(p));
- p = (char *) att_align(p, typalign);
+ /* advance bitmap pointer if any */
+ if (bitmap)
+ {
+ bitmask <<= 1;
+ if (bitmask == 0x100)
+ {
+ bitmap++;
+ bitmask = 1;
+ }
+ }
}
PG_RETURN_TEXT_P(PG_STR_GET_TEXT(result_str->data));
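Review bot: The null test in the loop leaves an empty `if` body holding only `/* we ignore nulls */`, with all the real work pushed into the `else`. Inverting the condition to `if (!bitmap || (*bitmap & bitmask) != 0)` would remove the empty branch, and the comment can sit above it. Because a null element contributes neither text nor a separator, an array containing nulls produces the same string as the array without them. That is worth stating in the function's header comment, which lies outside this hunk.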
diff --git a/src/include/utils/acl.h b/src/include/utils/acl.h
index c668382ba31..8699913eb95 100644
--- a/src/include/utils/acl.h
+++ b/src/include/utils/acl.h
@@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.87 2005/11/17 22:14:55 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/utils/acl.h,v 1.88 2005/11/18 02:38:24 tgl Exp $
*
* NOTES
* An ACL array is simply an array of AclItems, representing the union
@@ -78,9 +78,9 @@ typedef struct AclItem
#define ACLITEM_ALL_GOPTION_BITS ((AclMode) 0xFFFF << 16)
/*
- * Definitions for convenient access to Acl (array of AclItem) and IdList
- * (array of Oid). These are standard PostgreSQL arrays, but are restricted
- * to have one dimension. We also ignore the lower bound when reading,
+ * Definitions for convenient access to Acl (array of AclItem).
+ * These are standard PostgreSQL arrays, but are restricted to have one
+ * dimension and no nulls. We also ignore the lower bound when reading,
* and set it to one when writing.
*
* CAUTION: as of PostgreSQL 7.1, these arrays are toastable (just like all
@@ -101,16 +101,6 @@ typedef ArrayType Acl;
#define ACL_SIZE(ACL) ARR_SIZE(ACL)
/*
- * IdList a one-dimensional array of Oid
- */
-typedef ArrayType IdList;
-
-#define IDLIST_NUM(IDL) (ARR_DIMS(IDL)[0])
-#define IDLIST_DAT(IDL) ((Oid *) ARR_DATA_PTR(IDL))
-#define IDLIST_N_SIZE(N) (ARR_OVERHEAD_NONULLS(1) + ((N) * sizeof(Oid)))
-#define IDLIST_SIZE(IDL) ARR_SIZE(IDL)
-
-/*
* fmgr macros for these types
*/
#define DatumGetAclItemP(X) ((AclItem *) DatumGetPointer(X))
@@ -123,13 +113,6 @@ typedef ArrayType IdList;
#define PG_GETARG_ACL_P_COPY(n) DatumGetAclPCopy(PG_GETARG_DATUM(n))
#define PG_RETURN_ACL_P(x) PG_RETURN_POINTER(x)
-#define DatumGetIdListP(X) ((IdList *) PG_DETOAST_DATUM(X))
-#define DatumGetIdListPCopy(X) ((IdList *) PG_DETOAST_DATUM_COPY(X))
-#define PG_GETARG_IDLIST_P(n) DatumGetIdListP(PG_GETARG_DATUM(n))
-#define PG_GETARG_IDLIST_P_COPY(n) DatumGetIdListPCopy(PG_GETARG_DATUM(n))
-#define PG_RETURN_IDLIST_P(x) PG_RETURN_POINTER(x)
-
-
/*
* ACL modification opcodes for aclupdate
*/
diff --git a/src/pl/plpgsql/src/pl_exec.c b/src/pl/plpgsql/src/pl_exec.c
index 608854cbb5f..58f6d814b8f 100644
--- a/src/pl/plpgsql/src/pl_exec.c
+++ b/src/pl/plpgsql/src/pl_exec.c
@@ -3,7 +3,7 @@
* procedural language
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.155 2005/11/17 22:14:55 tgl Exp $
+ * $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.156 2005/11/18 02:38:24 tgl Exp $
*
* This software is copyrighted by Jan Wieck - Hamburg.
*
@@ -3241,8 +3241,7 @@ exec_assign_value(PLpgSQL_execstate * estate,
int i;
PLpgSQL_expr *subscripts[MAXDIM];
int subscriptvals[MAXDIM];
- bool havenullsubscript,
- oldarrayisnull;
+ bool oldarrayisnull;
Oid arraytypeid,
arrayelemtypeid;
int16 arraytyplen,
@@ -3295,9 +3294,9 @@ exec_assign_value(PLpgSQL_execstate * estate,
arraytyplen = get_typlen(arraytypeid);
/*
- * Evaluate the subscripts, switch into left-to-right order
+ * Evaluate the subscripts, switch into left-to-right order.
+ * Like ExecEvalArrayRef(), complain if any subscript is null.
*/
- havenullsubscript = false;
for (i = 0; i < nsubscripts; i++)
{
bool subisnull;
@@ -3306,43 +3305,39 @@ exec_assign_value(PLpgSQL_execstate * estate,
exec_eval_integer(estate,
subscripts[nsubscripts - 1 - i],
&subisnull);
- havenullsubscript |= subisnull;
+ if (subisnull)
+ ereport(ERROR,
+ (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
+ errmsg("array subscript in assignment must not be NULL")));
}
- /*
- * Skip the assignment if we have any nulls in the subscripts
- * or the righthand side. This is pretty bogus but it
- * corresponds to the current behavior of ExecEvalArrayRef().
- */
- if (havenullsubscript || *isNull)
- return;
+ /* Coerce source value to match array element type. */
+ coerced_value = exec_simple_cast_value(value,
+ valtype,
+ arrayelemtypeid,
+ -1,
+ *isNull);
/*
* If the original array is null, cons up an empty array so
* that the assignment can proceed; we'll end with a
* one-element array containing just the assigned-to
* subscript. This only works for varlena arrays, though; for
- * fixed-length array types we skip the assignment. Again,
- * this corresponds to the current behavior of
+ * fixed-length array types we skip the assignment. We can't
+ * support assignment of a null entry into a fixed-length
+ * array, either, so that's a no-op too. This is all ugly
+ * but corresponds to the current behavior of
* ExecEvalArrayRef().
*/
- if (oldarrayisnull)
- {
- if (arraytyplen > 0) /* fixed-length array? */
- return;
+ if (arraytyplen > 0 && /* fixed-length array? */
+ (oldarrayisnull || *isNull))
+ return;
+ if (oldarrayisnull)
oldarrayval = construct_empty_array(arrayelemtypeid);
- }
else
oldarrayval = (ArrayType *) DatumGetPointer(oldarraydatum);
- /* Coerce source value to match array element type. */
- coerced_value = exec_simple_cast_value(value,
- valtype,
- arrayelemtypeid,
- -1,
- *isNull);
-
/*
* Build the modified array value.
*/
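Review bot: The coercion of the source value now sits ahead of the fixed-length early return, so `exec_simple_cast_value` runs, and may raise a conversion error, for an assignment that `if (arraytyplen > 0 && (oldarrayisnull || *isNull)) return;` then discards as a no-op. Moving that three-line test above the `/* Coerce source value to match array element type. */` call would avoid doing work for the skipped case; nothing in the test depends on `coerced_value`. Separately, the bare `return` means a write to a fixed-length array is dropped with no diagnostic, which the comment itself calls ugly; raising a notice or an error there is worth considering. exec_assign_value starts and ends outside this hunk.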