Commit Graph

28714 Commits

Author SHA1 Message Date
Tom Lane
c3110e49b1 Make sure that GIN fast-insert and regular code paths enforce the same
tuple size limit.  Improve the error message for index-tuple-too-large
so that it includes the actual size, the limit, and the index name.
Sync with the btree occurrences of the same error.

Back-patch to 8.4 because it appears that the out-of-sync problem
is occurring in the field.

Teodor and Tom
2009-10-02 21:14:11 +00:00
Tom Lane
ac317a8474 Fix erroneous handling of shared dependencies (ie dependencies on roles)
in CREATE OR REPLACE FUNCTION.  The original code would update pg_shdepend
as if a new function was being created, even if it wasn't, with two bad
consequences: pg_shdepend might record the wrong owner for the function,
and any dependencies for roles mentioned in the function's ACL would be lost.
The fix is very easy: just don't touch pg_shdepend at all when doing a
function replacement.

Also update the CREATE FUNCTION reference page, which never explained
exactly what changes and doesn't change in a function replacement.
In passing, fix the CREATE VIEW reference page similarly; there's no
code bug there, but the docs didn't say what happens.
2009-10-02 18:13:10 +00:00
Alvaro Herrera
ae35363dce Ensure that a cursor has an immutable snapshot throughout its lifespan.
The old coding was using a regular snapshot, referenced elsewhere, that was
subject to having its command counter updated.  Fix by creating a private copy
of the snapshot exclusively for the cursor.

Backpatch to 8.4, which is when the bug was introduced during the snapshot
management rewrite.
2009-10-02 17:58:21 +00:00
Tom Lane
d4bd8423c9 Fix equivclass.c's not-quite-right strategy for handling X=X clauses.
The original coding correctly noted that these aren't just redundancies
(they're effectively X IS NOT NULL, assuming = is strict).  However, they
got treated that way if X happened to be in a single-member EquivalenceClass
already, which could happen if there was an ORDER BY X clause, for instance.
The simplest and most reliable solution seems to be to not try to process
such clauses through the EquivalenceClass machinery; just throw them back
for traditional processing.  The amount of work that'd be needed to be
smarter than that seems out of proportion to the benefit.

Per bug #5084 from Bernt Marius Johnsen, and analysis by Andrew Gierth.
2009-09-29 01:20:55 +00:00
Andrew Dunstan
38da75e1e9 Convert a perl array to a postgres array when returned by Set Returning Functions as well as non SRFs. Backpatch to 8.1 where these facilities were introduced. with a little help from Abhijit Menon-Sen. 2009-09-28 17:30:56 +00:00
Tom Lane
5136541a6a Fix RelationCacheInitializePhase2 (Phase3, in HEAD) to cope with the
possibility of shared-inval messages causing a relcache flush while it tries
to fill in missing data in preloaded relcache entries.  There are actually
two distinct failure modes here:

1. The flush could delete the next-to-be-processed cache entry, causing
the subsequent hash_seq_search calls to go off into the weeds.  This is
the problem reported by Michael Brown, and I believe it also accounts
for bug #5074.  The simplest fix is to restart the hashtable scan after
we've read any new data from the catalogs.  It appears that pre-8.4
branches have not suffered from this failure, because by chance there were
no other catalogs sharing the same hash chains with the catalogs that
RelationCacheInitializePhase2 had work to do for.  However that's obviously
pretty fragile, and it seems possible that derivative versions with
additional system catalogs might be vulnerable, so I'm back-patching this
part of the fix anyway.

2. The flush could delete the *current* cache entry, in which case the
pointer to the newly-loaded data would end up being stored into an
already-deleted Relation struct.  As long as it was still deleted, the only
consequence would be some leaked space in CacheMemoryContext.  But it seems
possible that the Relation struct could already have been recycled, in
which case this represents a hard-to-reproduce clobber of cached data
structures, with unforeseeable consequences.  The fix here is to pin the
entry while we work on it.

In passing, also change RelationCacheInitializePhase2 to Assert that
formrdesc() set up the relation's cached TupleDesc (rd_att) with the
correct type OID and hasoids values.  This is more appropriate than
silently updating the values, because the original tupdesc might already
have been copied into the catcache.  However this part of the patch is
not in HEAD because it fails due to some questionable recent changes in
formrdesc :-(.  That will be cleaned up in a subsequent patch.
2009-09-26 18:24:55 +00:00
Tom Lane
ddf8b77020 Fix crash if a DROP is attempted on an internally-dependent object.
Introduced in 8.4 rewrite of dependency.c.
Per bug #5072 from Amit Khandekar.
2009-09-22 15:46:43 +00:00
Bruce Momjian
3141a43605 fsync test files
Prevent creation of 16GB files during fsync testing; only create 16MB
files;  backpatch to 8.4.X.
2009-09-21 20:21:02 +00:00
Tom Lane
4853c1eb2f A bit more wordsmithing on the COPY CSV NULL business. 2009-09-18 20:01:18 +00:00
Teodor Sigaev
8cc1c8c9f2 Fix incorrect arguments for gist_box_penalty call. The bug could be observed
only for secondary page split (i.e. for non-first columns of index)

 Patch by Paul Ramsey <pramsey@opengeo.org>
2009-09-18 14:02:40 +00:00
Bruce Momjian
541569caed CSV NULL Documentation
Update docs to clearly explain NULL value matching behavior, per Andrew.

Backpatch to 8.4.X.
2009-09-17 21:49:22 +00:00
Bruce Momjian
77b2388b24 CVS NULL Documentation
Clearify documentation of CVS's output of NULL values, per suggestion
from Magnus.

Backpatch to 8.4.X.
2009-09-17 21:28:30 +00:00
Tom Lane
010394d7aa Fix two distinct errors in creation of GIN_INSERT_LISTPAGE xlog records.
In practice these mistakes were always masked when full_page_writes was on,
because XLogInsert would always choose to log the full page, and then
ginRedoInsertListPage wouldn't try to do anything.  But with full_page_writes
off a WAL replay failure was certain.

The GIN_INSERT_LISTPAGE record type could probably be eliminated entirely
in favor of using XLOG_HEAP_NEWPAGE, but I refrained from doing that now
since it would have required a significantly more invasive patch.

In passing do a little bit of code cleanup, including making the accounting
for free space on GIN list pages more precise.  (This wasn't a bug as the
errors were always in the conservative direction.)

Per report from Simon.  Back-patch to 8.4 which contains the identical code.
2009-09-15 20:31:35 +00:00
Heikki Linnakangas
524f701cb5 Don't error out if recycling or removing an old WAL segment fails at the end
of checkpoint. Although the checkpoint has been written to WAL at that point
already, so that all data is safe, and we'll retry removing the WAL segment at
the next checkpoint, if such a failure persists we won't be able to remove any
other old WAL segments either and will eventually run out of disk space. It's
better to treat the failure as non-fatal, and move on to clean any other WAL
segment and continue with any other end-of-checkpoint cleanup.

We don't normally expect any such failures, but on Windows it can happen with
some anti-virus or backup software that lock files without FILE_SHARE_DELETE
flag.

Also, the loop in pgrename() to retry when the file is locked was broken. If a
file is locked on Windows, you get ERROR_SHARE_VIOLATION, not
ERROR_ACCESS_DENIED, at least on modern versions. Fix that, although I left
the check for ERROR_ACCESS_DENIED in there as well (presumably it was correct
in some environment), and added ERROR_LOCK_VIOLATION to be consistent with
similar checks in pgwin32_open(). Reduce the timeout on the loop from 30s to
10s, on the grounds that since it's been broken, we've effectively had a
timeout of 0s and no-one has complained, so a smaller timeout is actually
closer to the old behavior. A longer timeout would mean that if recycling a
WAL file fails because it's locked for some reason, InstallXLogFileSegment()
will hold ControlFileLock for longer, potentially blocking other backends, so
a long timeout isn't totally harmless.

While we're at it, set errno correctly in pgrename().

Backpatch to 8.2, which is the oldest version supported on Windows. The xlog.c
changes would make sense on other platforms and thus on older versions as
well, but since there's no such locking issues on other platforms, it's not
worth it.
2009-09-13 18:32:17 +00:00
Joe Conway
0daae1a622 plug dblink resource leak
dblink generates orphaned connections when called with a connection string,
fail_on_error = true, and an ERROR occurs. Discovery and patch by
Tatsuhito Kasahara. Introduced in 8.4.
2009-09-12 23:21:13 +00:00
Tom Lane
3a3c2cd59c Fix assertion failure when a SELECT DISTINCT ON expression is volatile.
In this case we generate two PathKey references to the expression (one for
DISTINCT and one for ORDER BY) and they really need to refer to the same
EquivalenceClass.  However get_eclass_for_sort_expr was being overly paranoid
and creating two different EC's.  Correct behavior is to use the SortGroupRef
index to decide whether two references to volatile expressions that are
equal() (ie textually equivalent) should be considered the same.

Backpatch to 8.4.  Possibly this should be changed in 8.3 as well, but
I'll refrain in the absence of evidence of a visible failure in that branch.

Per bug #5049.
2009-09-12 00:05:07 +00:00
Heikki Linnakangas
96ca52dbe8 On Windows, when a file is deleted and another process still has an open
file handle on it, the file goes into "pending deletion" state where it
still shows up in directory listing, but isn't accessible otherwise. That
confuses RemoveOldXLogFiles(), making it think that the file hasn't been
archived yet, while it actually was, and it was deleted along with the .done
file.

Fix that by renaming the file with ".deleted" extension before deleting it.
Also check the return value of rename() and unlink(), so that if the removal
fails for any reason (e.g another process is holding the file locked), we
don't delete the .done file until the WAL file is really gone.

Backpatch to 8.2, which is the oldest version supported on Windows.
2009-09-10 09:42:29 +00:00
Tom Lane
9ed9ac5a38 Fix bug with WITH RECURSIVE immediately inside WITH RECURSIVE. 99% of the
code was already okay with this, but the hack that obtained the output
column types of a recursive union in advance of doing real parse analysis
of the recursive union forgot to handle the case where there was an inner
WITH clause available to the non-recursive term.  Best fix seems to be to
refactor so that we don't need the "throwaway" parse analysis step at all.
Instead, teach the transformSetOperationStmt code to set up the CTE's output
column information after it's processed the non-recursive term normally.
Per report from David Fetter.
2009-09-09 03:33:01 +00:00
Tom Lane
3385dcc8c8 Remove outside-the-scanner references to "yyleng".
It seems the flex developers have decided to change yyleng from int to size_t.
This has already happened in the latest release of OS X, and will start
happening elsewhere once the next release of flex appears.  Rather than trying
to divine how it's declared in any particular build, let's just remove the one
existing not-very-necessary external usage.

Back-patch to all supported branches; not so much because users in the field
are likely to care about building old branches with cutting-edge flex, as
to keep OSX-based buildfarm members from having problems with old branches.
2009-09-08 04:25:14 +00:00
Tom Lane
2b893f65e9 Update the tznames reference files, and add IDT (Israel Daylight Time)
to the Default timezone abbreviation set.

Back-port the the current file set to all branches that contain tznames.
This includes adding SGT to the Default set in pre-8.4 releases.

Joachim Wieland
2009-09-06 15:25:31 +00:00
Tom Lane
d53bbbcf13 Put back "ifeq ($(PORTNAME), solaris)", this time with some documentation
of why it's not as broken as it appears on first glance.
2009-09-05 21:14:13 +00:00
Tom Lane
71c4a7b94e Revert ill-considered restriction of dtrace support to Solaris only. 2009-09-04 23:11:10 +00:00
Heikki Linnakangas
a3cd02e97a Fix encoding handling in xml binary input function. If the XML header didn't
specify an encoding explicitly, we used to treat it as being in database
encoding when we parsed it, but then perform a UTF-8 -> database encoding
conversion on it, which was completely bogus. It's now consistently treated as
UTF-8.
2009-09-04 10:49:43 +00:00
Marc G. Fournier
6883b7df92 Tag 8.4.1 2009-09-04 00:36:51 +00:00
Tom Lane
b58a4b2ee8 Final updates of release notes for 8.4.1, 8.3.8, 8.2.14, 8.1.18, 8.0.22,
7.4.26.
2009-09-03 22:13:58 +00:00
Tom Lane
57710f39cc Make LOAD of an already-loaded library into a no-op, instead of attempting
to unload and re-load the library.

The difficulty with unloading a library is that we haven't defined safe
protocols for doing so.  In particular, there's no safe mechanism for
getting out of a "hook" function pointer unless libraries are unloaded
in reverse order of loading.  And there's no mechanism at all for undefining
a custom GUC variable, so GUC would be left with a pointer to an old value
that might or might not still be valid, and very possibly wouldn't be in
the same place anymore.

While the unload and reload behavior had some usefulness in easing
development of new loadable libraries, it's of no use whatever to normal
users, so just disabling it isn't giving up that much.  Someday we might
care to expend the effort to develop safe unload protocols; but even if
we did, there'd be little certainty that every third-party loadable module
was following them, so some security restrictions would still be needed.

Back-patch to 8.2; before that, LOAD was superuser-only anyway.

Security: unprivileged users could crash backend.  CVE not assigned yet
2009-09-03 22:11:13 +00:00
Tom Lane
4fd4bf4bd8 Disallow RESET ROLE and RESET SESSION AUTHORIZATION inside security-definer
functions.

This extends the previous patch that forbade SETting these variables inside
security-definer functions.  RESET is equally a security hole, since it
would allow regaining privileges of the caller; furthermore it can trigger
Assert failures and perhaps other internal errors, since the code is not
expecting these variables to change in such contexts.  The previous patch
did not cover this case because assign hooks don't really have enough
information, so move the responsibility for preventing this into guc.c.

Problem discovered by Heikki Linnakangas.

Security: no CVE assigned yet, extends CVE-2007-6600
2009-09-03 22:08:14 +00:00
Peter Eisentraut
3e2440970a Translation updates 2009-09-03 21:01:26 +00:00
Tom Lane
828fc43c8c Install a workaround for a longstanding gcc bug that allows SIGFPE traps
to occur for division by zero, even though the code is carefully avoiding
that.  All available evidence is that the only functions affected are
int24div, int48div, and int28div, so patch just those three functions to
include a "return" after the ereport() call.

Backpatch to 8.4 so that the fix can be tested in production builds.
For older branches our recommendation will continue to be to use -O1
on affected platforms (which are mostly non-mainstream anyway).
2009-09-03 18:48:21 +00:00
Tom Lane
0f240ce595 Update time zone data files to tzdata release 2009l: DST law changes in
Egypt, Mauritius, Bangladesh.
2009-09-03 04:44:43 +00:00
Tom Lane
2bdd765f79 Fix subquery pullup to wrap a PlaceHolderVar around the entire RowExpr
that's generated for a whole-row Var referencing the subquery, when the
subquery is in the nullable side of an outer join.  The previous coding
instead put PlaceHolderVars around the elements of the RowExpr.  The effect
was that when the outer join made the subquery outputs go to null, the
whole-row Var produced ROW(NULL,NULL,...) rather than just NULL.  There
are arguments afoot about whether those things ought to be semantically
indistinguishable, but for the moment they are not entirely so, and the
planner needs to take care that its machinations preserve the difference.
Per bug #5025.

Making this feasible required refactoring ResolveNew() to allow more caller
control over what is substituted for a Var.  I chose to make ResolveNew()
a wrapper around a new general-purpose function replace_rte_variables().
I also fixed the ancient bogosity that ResolveNew might fail to set
a query's hasSubLinks field after inserting a SubLink in it.  Although
all current callers make sure that happens anyway, we've had bugs of that
sort before, and it seemed like a good time to install a proper solution.

Back-patch to 8.4.  The problem can be demonstrated clear back to 8.0,
but the fix would be too invasive in earlier branches; not to mention
that people may be depending on the subtly-incorrect behavior.  The
8.4 series is new enough that fixing this probably won't cause complaints,
but it might in older branches.  Also, 8.4 shows the incorrect behavior
in more cases than older branches do, because it is able to flatten
subqueries in more cases.
2009-09-02 17:52:33 +00:00
Tom Lane
9a6313f469 Fix pg_ctl's readfile() to not go into infinite loop on an empty file
(could happen if either postgresql.conf or postmaster.opts is empty).
It's been broken since the C version was written for 8.0, so patch
all the way back.

initdb's copy of the function is broken in the same way, but it's
less important there since the input files should never be empty.
Patch that in HEAD only, and also fix some cosmetic differences that
crept into that copy of the function.

Per report from Corry Haines and Jeff Davis.
2009-09-02 02:40:59 +00:00
Tom Lane
ba5317237f Remove duplicate variable initializations identified by clang static checker.
One of these represents a nontrivial bug (a promptly-leaked palloc), so
backpatch.

Greg Stark
2009-08-30 16:53:37 +00:00
Tom Lane
3f2fa308d1 Modify the definition of window-function PARTITION BY and ORDER BY clauses
so that their elements are always taken as simple expressions over the
query's input columns.  It originally seemed like a good idea to make them
act exactly like GROUP BY and ORDER BY, right down to the SQL92-era behavior
of accepting output column names or numbers.  However, that was not such a
great idea, for two reasons:

1. It permits circular references, as exhibited in bug #5018: the output
column could be the one containing the window function itself.  (We actually
had a regression test case illustrating this, but nobody thought twice about
how confusing that would be.)

2. It doesn't seem like a good idea for, eg, "lead(foo) OVER (ORDER BY foo)"
to potentially use two completely different meanings for "foo".

Accordingly, narrow down the behavior of window clauses to use only the
SQL99-compliant interpretation that the expressions are simple expressions.
2009-08-27 20:08:12 +00:00
Alvaro Herrera
6c593b9ca0 Fix broken markup
Jan Urbański
2009-08-27 20:05:46 +00:00
Alvaro Herrera
b78b4d5117 Fix handling of autovacuum reloptions.
In the original coding, setting a single reloption would cause default
values to be used for all the other reloptions.  This is a problem
particularly for autovacuum reloptions.

Itagaki Takahiro
2009-08-27 17:19:31 +00:00
Heikki Linnakangas
593810f3cd In the checkpoint written at the end of archive recovery, the WAL page header
was incorrectly initialized with timeline ID 0. That rendered the WAL page
unrecoverable, making a subsequent archive recovery stop at that point.
ThisTimeLineID needs to be initialized before calling AdvanceXLInsertBuffer().

This fixes bug #5011 reported by James Bardin. Backpatch to 8.4, as the bug
was introduced by the changes to use of bgwriter for writing the
end-of-archive-recovery checkpoint. Patch by Tom Lane.
2009-08-27 07:18:04 +00:00
Bruce Momjian
95ac06c85b Update release notes for 7.4.26, 8.0.22, 8.1.18, 8.2.14, 8.3.8, 8.4.1. 2009-08-27 01:27:43 +00:00
Tom Lane
824e0e4686 Try to make silent_mode behave somewhat reasonably.
Instead of sending stdout/stderr to /dev/null after forking away from the
terminal, send them to postmaster.log within the data directory.  Since
this opens the door to indefinite logfile bloat, recommend even more
strongly that log output be redirected when using silent_mode.

Move the postmaster's initial calls of load_hba() and load_ident() down
to after we have started the log collector, if we are going to.  This
is so that errors reported by them will appear in the "usual" place.

Reclassify silent_mode as a LOGGING_WHERE, not LOGGING_WHEN, parameter,
since it's got absolutely nothing to do with the latter category.

In passing, fix some obsolete references to -S ... this option hasn't
had that switch letter for a long time.

Back-patch to 8.4, since as of 8.4 load_hba() and load_ident() are more
picky (and thus more likely to fail) than they used to be.  This entire
change was driven by a complaint about those errors disappearing into
the bit bucket.
2009-08-24 20:08:40 +00:00
Tom Lane
1651dfc064 Small correction to previous patch: we shouldn't ReleasePostmasterChildSlot
for a dead_end child, because we didn't AssignPostmasterChildSlot.
2009-08-24 18:09:54 +00:00
Alvaro Herrera
6887067b6d Avoid calling kill() in a postmaster signal handler.
This causes problems when the system load is high, per report from Zdenek
Kotala in <1250860954.1239.114.camel@localhost>; instead of calling kill
directly, have the signal handler set a flag which is checked in ServerLoop.
This way, the handler can return before being called again by a subsequent
signal sent from the autovacuum launcher.  Also, increase the sleep in the
launcher in this failure path to 1 second.

Backpatch to 8.3, which is when the signalling between autovacuum
launcher/postmaster was introduced.

Also, add a couple of ReleasePostmasterChildSlot calls in error paths; this
part backpatched to 8.4 which is when the child slot stuff was introduced.
2009-08-24 17:23:17 +00:00
Tom Lane
3600e4ced2 Fix inclusions of readline/editline header files so that we only attempt to
#include the version of history.h that is in the same directory as the
readline.h we are using.  This avoids problems in some scenarios where both
readline and editline are installed.  Report and patch by Zdenek Kotala.
2009-08-24 16:18:19 +00:00
Tom Lane
fedb166549 Fix a violation of WAL coding rules in the recent patch to include an
"all tuples visible" flag in heap page headers.  The flag update *must*
be applied before calling XLogInsert, but heap_update and the tuple
moving routines in VACUUM FULL were ignoring this rule.  A crash and
replay could therefore leave the flag incorrectly set, causing rows
to appear visible in seqscans when they should not be.  This might explain
recent reports of data corruption from Jeff Ross and others.

In passing, do a bit of editorialization on comments in visibilitymap.c.
2009-08-24 02:18:40 +00:00
Tom Lane
2acb2bcbcb Tweak ExecIndexEvalRuntimeKeys to forcibly detoast any toasted comparison
values before they get passed to the index access method.  This avoids
repeated detoastings that will otherwise ensue as the comparison value
is examined by various index support functions.  We have seen a couple of
reports of cases where repeated detoastings result in an order-of-magnitude
slowdown, so it seems worth adding a bit of extra logic to prevent this.

I had previously proposed trying to avoid duplicate detoastings in general,
but this fix takes care of what seems the most important case in practice
with very little effort or risk.

Back-patch to 8.4 so that the PostGIS folk won't have to wait a year to
have this fix in a production release.  (The issue exists further back,
of course, but the code's diverged enough to make backpatching further a
higher-risk action.  Also it appears that the possible gains may be limited
in prior releases because of different handling of lossy operators.)
2009-08-23 18:26:15 +00:00
Tom Lane
977c77759c Fix overflow for INTERVAL 'x ms' where x is more than a couple million,
and integer datetimes are in use.  Per bug report from Hubert Depesz
Lubaczewski.

Alex Hunsaker
2009-08-18 21:23:21 +00:00
Tom Lane
55ea948feb Fix imprecise documentation of random(): it never returns 1.0.
This was changed in 8.2 but the documentation was not corrected.
Per gripe from Sam Mason.
2009-08-16 19:55:28 +00:00
Tom Lane
ef75f74f4c Fix incorrect encoding-aware name truncation in makeArrayTypeName().
truncate_identifier won't do anything if the passed-in strlen is already
less than NAMEDATALEN, which it always would be given the strlcpy usage.
This has been broken since the arrays-of-composite-types code went in.

Arguably truncate_identifier is suffering from excessive optimization
and should always process the string, but for the moment I'll take the
more localized patch.

Per bug #4987.
2009-08-16 18:14:39 +00:00
Bruce Momjian
08d1d61769 Remove tab in SGML. 2009-08-15 19:33:29 +00:00
Tom Lane
69eab4e387 Put back adjust_appendrel_attrs()'s code for dealing with RestrictInfo.
I mistakenly removed it last month, thinking it was no longer needed ---
but it is still needed for dealing with joininfo lists.  Fortunately this
bit of brain fade hadn't made it into any released versions yet.
2009-08-13 16:53:15 +00:00
Tom Lane
3dc494f0a3 Fix old bug in log_autovacuum_min_duration code: it was relying on being able
to access a Relation entry it had just closed.  I happened to be testing with
CLOBBER_CACHE_ALWAYS, which made this a guaranteed core dump (at least on
machines where sprintf %s isn't forgiving of a NULL pointer).  It's probably
quite unlikely that it would fail in the field, but a bug is a bug.  Fix by
moving the relation_close call down past the logging action.
2009-08-12 18:23:55 +00:00