Commit fe796ea8 authored by Tom Lane's avatar Tom Lane

Fix an ancient logic error in plpgsql's exec_stmt_block: it thought it could

get away with not (re)initializing a local variable if the variable is marked
"isconst" and not "isnull".  Unfortunately it makes this decision after having
already freed the old value, meaning that something like

   for i in 1..10 loop
     declare c constant text := 'hi there';

leads to subsequent accesses to freed memory, and hence probably crashes.
(In particular, this is why Asif Ali Rehman's bug leads to crash and not
just an unexpectedly-NULL value for SQLERRM: SQLERRM is marked CONSTANT
and so triggers this error.)

The whole thing seems wrong on its face anyway: CONSTANT means that you can't
change the variable inside the block, not that the initializer expression is
guaranteed not to change value across successive block entries.  Hence,
remove the "optimization" instead of trying to fix it.
parent 7ad33ceb
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.187 2007/02/01 19:22:07 tgl Exp $ * $PostgreSQL: pgsql/src/pl/plpgsql/src/pl_exec.c,v 1.188 2007/02/08 18:37:30 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -885,43 +885,43 @@ exec_stmt_block(PLpgSQL_execstate *estate, PLpgSQL_stmt_block *block) ...@@ -885,43 +885,43 @@ exec_stmt_block(PLpgSQL_execstate *estate, PLpgSQL_stmt_block *block)
{ {
PLpgSQL_var *var = (PLpgSQL_var *) (estate->datums[n]); PLpgSQL_var *var = (PLpgSQL_var *) (estate->datums[n]);
/* free any old value, in case re-entering block */
free_var(var); free_var(var);
if (!var->isconst || var->isnull)
/* Initially it contains a NULL */
var->value = (Datum) 0;
var->isnull = true;
if (var->default_val == NULL)
{ {
if (var->default_val == NULL) /*
* If needed, give the datatype a chance to reject
* NULLs, by assigning a NULL to the variable.
* We claim the value is of type UNKNOWN, not the
* var's datatype, else coercion will be skipped.
* (Do this before the notnull check to be
* consistent with exec_assign_value.)
*/
if (!var->datatype->typinput.fn_strict)
{ {
/* Initially it contains a NULL */ bool valIsNull = true;
var->value = (Datum) 0;
var->isnull = true; exec_assign_value(estate,
/* (PLpgSQL_datum *) var,
* If needed, give the datatype a chance to reject (Datum) 0,
* NULLs, by assigning a NULL to the variable. UNKNOWNOID,
* We claim the value is of type UNKNOWN, not the &valIsNull);
* var's datatype, else coercion will be skipped. }
* (Do this before the notnull check to be if (var->notnull)
* consistent with exec_assign_value.) ereport(ERROR,
*/
if (!var->datatype->typinput.fn_strict)
{
bool valIsNull = true;
exec_assign_value(estate,
(PLpgSQL_datum *) var,
(Datum) 0,
UNKNOWNOID,
&valIsNull);
}
if (var->notnull)
ereport(ERROR,
(errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED), (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
errmsg("variable \"%s\" declared NOT NULL cannot default to NULL", errmsg("variable \"%s\" declared NOT NULL cannot default to NULL",
var->refname))); var->refname)));
} }
else else
{ {
exec_assign_expr(estate, (PLpgSQL_datum *) var, exec_assign_expr(estate, (PLpgSQL_datum *) var,
var->default_val); var->default_val);
}
} }
} }
break; break;
...@@ -1065,7 +1065,9 @@ exec_stmt_block(PLpgSQL_execstate *estate, PLpgSQL_stmt_block *block) ...@@ -1065,7 +1065,9 @@ exec_stmt_block(PLpgSQL_execstate *estate, PLpgSQL_stmt_block *block)
rc = exec_stmts(estate, exception->action); rc = exec_stmts(estate, exception->action);
free_var(state_var); free_var(state_var);
state_var->value = (Datum) 0;
free_var(errm_var); free_var(errm_var);
errm_var->value = (Datum) 0;
break; break;
} }
} }
...@@ -4867,6 +4869,12 @@ plpgsql_subxact_cb(SubXactEvent event, SubTransactionId mySubid, ...@@ -4867,6 +4869,12 @@ plpgsql_subxact_cb(SubXactEvent event, SubTransactionId mySubid,
} }
} }
/*
* free_var --- pfree any pass-by-reference value of the variable.
*
* This should always be followed by some assignment to var->value,
* as it leaves a dangling pointer.
*/
static void static void
free_var(PLpgSQL_var *var) free_var(PLpgSQL_var *var)
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment