Participants
Tom Lane
Tom Lane
Robert Haas
Robert Haas
Noah Misch
Noah Misch
Attachments

No attachments in this thread

Thread Outline
#1Tom LaneTom Lane
May 12, 2015
#2Robert HaasRobert Haasto Tom Lane (#1)
May 13, 2015
#3Noah MischNoah Mischto Robert Haas (#2)
May 14, 2015

Why does contain_leaked_vars believe MinMaxExpr is safe?

Started by Tom Laneover 10 years ago3 messages
#1Tom Lane
Tom Lane
tgl@sss.pgh.pa.us

MinMaxExpr is an implicit invocation of a btree comparison function.
Are we supposing that all of those are necessarily leakproof?

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

#2Robert Haas
Robert Haas
robertmhaas@gmail.com
In reply to: Tom Lane (#1)
Re: Why does contain_leaked_vars believe MinMaxExpr is safe?

On Tue, May 12, 2015 at 7:22 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

MinMaxExpr is an implicit invocation of a btree comparison function.
Are we supposing that all of those are necessarily leakproof?

I suspect it's an oversight, because the comment gives no hint that
any such intention was present. It's been more than three years since
I committed that code (under a different function name) so my memory
is a little fuzzy, but I believe it just didn't occur to me that
MinMaxExpr could include a function call.

I suspect it's safe in practice, but in theory it's probably a bug.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

#3Noah Misch
Noah Misch
noah@leadboat.com
In reply to: Robert Haas (#2)
Re: Why does contain_leaked_vars believe MinMaxExpr is safe?

On Wed, May 13, 2015 at 09:34:53AM -0400, Robert Haas wrote:

On Tue, May 12, 2015 at 7:22 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

MinMaxExpr is an implicit invocation of a btree comparison function.
Are we supposing that all of those are necessarily leakproof?

I suspect it's an oversight, because the comment gives no hint that
any such intention was present. It's been more than three years since
I committed that code (under a different function name) so my memory
is a little fuzzy, but I believe it just didn't occur to me that
MinMaxExpr could include a function call.

I suspect it's safe in practice, but in theory it's probably a bug.

Agreed; it is formally a bug. We considered[1]/messages/by-id/20110707223526.GJ1840@tornado.leadboat.com special trust of operator
class members and decided against it. Since almost every btree opfamily
member is leakproof in practice, I doubt the bug has harmed anyone.

[1]: /messages/by-id/20110707223526.GJ1840@tornado.leadboat.com

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

← Back to Topics