mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ensure result of an aggregate's finalfunc is made read-only.

Browse Source 
The finalfunc might return a read-write expanded object.  If we
de-duplicate multiple call sites for the aggregate, any function(s)
receiving the aggregate result earlier could alter or destroy the
value that reaches the ones called later.  This is a brown-paper-bag
bug in commit 42b746d4c, because we actually considered the need
for read-only-ness but failed to realize that it applied to the case
with a finalfunc as well as the case without.

Per report from Justin Pryzby.  New error in HEAD,
no need for back-patch.

Discussion: https://postgr.es/m/ZDm5TuKsh3tzoEjz@telsasoft.com
This commit is contained in:
Tom Lane 2023-04-16 14:16:40 -04:00
parent 1c54b93a8c
commit 78d5952dd0
4 changed files with 96 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/backend/executor/nodeAgg.c
View File

@ -1042,7 +1042,8 @@ process_ordered_aggregate_multi(AggState *aggstate,
* *
* The finalfn uses the state as set in the transno. This also might be * The finalfn uses the state as set in the transno. This also might be
* being used by another aggregate function, so it's important that we do * being used by another aggregate function, so it's important that we do
* nothing destructive here. * nothing destructive here. Moreover, the aggregate's final value might
* get used in multiple places, so we mustn't return a R/W expanded datum.
*/ */
static void static void
finalize_aggregate(AggState *aggstate, finalize_aggregate(AggState *aggstate,
@ -1116,8 +1117,13 @@ finalize_aggregate(AggState *aggstate,
} }
else else
{ {
*resultVal = FunctionCallInvoke(fcinfo); Datum result;
result = FunctionCallInvoke(fcinfo);
*resultIsNull = fcinfo->isnull; *resultIsNull = fcinfo->isnull;
*resultVal = MakeExpandedObjectReadOnly(result,
fcinfo->isnull,
peragg->resulttypeLen);
} }
aggstate->curperagg = NULL; aggstate->curperagg = NULL;
} }
@ -1165,6 +1171,7 @@ finalize_partialaggregate(AggState *aggstate,
else else
{ {
FunctionCallInfo fcinfo = pertrans->serialfn_fcinfo; FunctionCallInfo fcinfo = pertrans->serialfn_fcinfo;
Datum result;
fcinfo->args[0].value = fcinfo->args[0].value =
MakeExpandedObjectReadOnly(pergroupstate->transValue, MakeExpandedObjectReadOnly(pergroupstate->transValue,
@ -1173,8 +1180,11 @@ finalize_partialaggregate(AggState *aggstate,
fcinfo->args[0].isnull = pergroupstate->transValueIsNull; fcinfo->args[0].isnull = pergroupstate->transValueIsNull;
fcinfo->isnull = false; fcinfo->isnull = false;
*resultVal = FunctionCallInvoke(fcinfo); result = FunctionCallInvoke(fcinfo);
*resultIsNull = fcinfo->isnull; *resultIsNull = fcinfo->isnull;
*resultVal = MakeExpandedObjectReadOnly(result,
fcinfo->isnull,
peragg->resulttypeLen);
} }
} }
else else

7
src/backend/executor/nodeWindowAgg.c
View File

@ -623,10 +623,15 @@ finalize_windowaggregate(WindowAggState *winstate,
} }
else else
{ {
Datum res;
winstate->curaggcontext = peraggstate->aggcontext; winstate->curaggcontext = peraggstate->aggcontext;
*result = FunctionCallInvoke(fcinfo); res = FunctionCallInvoke(fcinfo);
winstate->curaggcontext = NULL; winstate->curaggcontext = NULL;
*isnull = fcinfo->isnull; *isnull = fcinfo->isnull;
*result = MakeExpandedObjectReadOnly(res,
fcinfo->isnull,
peraggstate->resulttypeLen);
} }
} }
else else

37
src/test/regress/expected/aggregates.out
View File

@ -2758,6 +2758,43 @@ SELECT balk(hundred) FROM tenk1;
(1 row) (1 row)
ROLLBACK;
-- test multiple usage of an aggregate whose finalfn returns a R/W datum
BEGIN;
CREATE FUNCTION rwagg_sfunc(x anyarray, y anyarray) RETURNS anyarray
LANGUAGE plpgsql IMMUTABLE AS $$
BEGIN
RETURN array_fill(y[1], ARRAY[4]);
END;
$$;
CREATE FUNCTION rwagg_finalfunc(x anyarray) RETURNS anyarray
LANGUAGE plpgsql STRICT IMMUTABLE AS $$
DECLARE
res x%TYPE;
BEGIN
-- assignment is essential for this test, it expands the array to R/W
res := array_fill(x[1], ARRAY[4]);
RETURN res;
END;
$$;
CREATE AGGREGATE rwagg(anyarray) (
STYPE = anyarray,
SFUNC = rwagg_sfunc,
FINALFUNC = rwagg_finalfunc
);
CREATE FUNCTION eatarray(x real[]) RETURNS real[]
LANGUAGE plpgsql STRICT IMMUTABLE AS $$
BEGIN
x[1] := x[1] + 1;
RETURN x;
END;
$$;
SELECT eatarray(rwagg(ARRAY[1.0::real])), eatarray(rwagg(ARRAY[1.0::real]));
eatarray | eatarray
-----------+-----------
{2,1,1,1} | {2,1,1,1}
(1 row)
ROLLBACK; ROLLBACK;
-- test coverage for aggregate combine/serial/deserial functions -- test coverage for aggregate combine/serial/deserial functions
BEGIN; BEGIN;

39
src/test/regress/sql/aggregates.sql
View File

@ -1207,6 +1207,45 @@ SELECT balk(hundred) FROM tenk1;
ROLLBACK; ROLLBACK;
-- test multiple usage of an aggregate whose finalfn returns a R/W datum
BEGIN;
CREATE FUNCTION rwagg_sfunc(x anyarray, y anyarray) RETURNS anyarray
LANGUAGE plpgsql IMMUTABLE AS $$
BEGIN
RETURN array_fill(y[1], ARRAY[4]);
END;
$$;
CREATE FUNCTION rwagg_finalfunc(x anyarray) RETURNS anyarray
LANGUAGE plpgsql STRICT IMMUTABLE AS $$
DECLARE
res x%TYPE;
BEGIN
-- assignment is essential for this test, it expands the array to R/W
res := array_fill(x[1], ARRAY[4]);
RETURN res;
END;
$$;
CREATE AGGREGATE rwagg(anyarray) (
STYPE = anyarray,
SFUNC = rwagg_sfunc,
FINALFUNC = rwagg_finalfunc
);
CREATE FUNCTION eatarray(x real[]) RETURNS real[]
LANGUAGE plpgsql STRICT IMMUTABLE AS $$
BEGIN
x[1] := x[1] + 1;
RETURN x;
END;
$$;
SELECT eatarray(rwagg(ARRAY[1.0::real])), eatarray(rwagg(ARRAY[1.0::real]));
ROLLBACK;
-- test coverage for aggregate combine/serial/deserial functions -- test coverage for aggregate combine/serial/deserial functions
BEGIN; BEGIN;