• Tom Lane's avatar
    Clean up some mess in row-security patches. · fd496129
    Tom Lane authored
    Fix unsafe coding around PG_TRY in RelationBuildRowSecurity: can't change
    a variable inside PG_TRY and then use it in PG_CATCH without marking it
    "volatile".  In this case though it seems saner to avoid that by doing
    a single assignment before entering the TRY block.
    
    I started out just intending to fix that, but the more I looked at the
    row-security code the more distressed I got.  This patch also fixes
    incorrect construction of the RowSecurityPolicy cache entries (there was
    not sufficient care taken to copy pass-by-ref data into the cache memory
    context) and a whole bunch of sloppiness around the definition and use of
    pg_policy.polcmd.  You can't use nulls in that column because initdb will
    mark it NOT NULL --- and I see no particular reason why a null entry would
    be a good idea anyway, so changing initdb's behavior is not the right
    answer.  The internal value of '\0' wouldn't be suitable in a "char" column
    either, so after a bit of thought I settled on using '*' to represent ALL.
    Chasing those changes down also revealed that somebody wasn't paying
    attention to what the underlying values of ACL_UPDATE_CHR etc really were,
    and there was a great deal of lackadaiscalness in the catalogs.sgml
    documentation for pg_policy and pg_policies too.
    
    This doesn't pretend to be a complete code review for the row-security
    stuff, it just fixes the things that were in my face while dealing with
    the bugs in RelationBuildRowSecurity.
    fd496129
relcache.c 163 KB