Bruce Momjian writes:

> On Thu, Apr 16, 2015 at 11:29:07PM -0700, Jeff Janes wrote:
>> Of course after sending that it became obvious.  The C function is not getting
>> called because the SQL function is marked as being strict, yet is called with
>> NULL arguments.
>> 
>> Trivial patch attached to unset strict flag in pg_proc.h.
>> 
>> But CATALOG_VERSION_NO probably needs another bump as well.
>
> Patch applied and catversion bumped.  Thanks.

Shouldn't there be some validation of arguments now that the function is
no longer marked strict?  Currently, unprivileged users can crash the
server calling binary_upgrade_create_empty_extension with null
arguments.  Found using sqlsmith.

regards,
Andreas


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
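
As an added illustration, not part of the thread or of PostgreSQL's source: a simplified, self-contained C model of why removing the strict flag moves NULL checking into the function body. The types, the two-argument layout and every name here are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified model of a SQL-callable C function's arguments.
 * Illustrative types and names only, not PostgreSQL's. */
#define MAX_ARGS 4
typedef struct {
    int nargs;
    const char *value[MAX_ARGS];  /* NULL pointer when the SQL argument is NULL */
    bool isnull[MAX_ARGS];
} call_info;

typedef enum { RESULT_OK, RESULT_SQL_NULL, RESULT_ERROR } call_status;
typedef call_status (*c_func)(const call_info *ci, size_t *out);

/* Hardened body: validate required arguments before touching them. */
static call_status create_ext_checked(const call_info *ci, size_t *out)
{
    if (ci->nargs < 2 || ci->isnull[0] || ci->isnull[1])
        return RESULT_ERROR;      /* raise an error instead of dereferencing */
    *out = strlen(ci->value[0]) + strlen(ci->value[1]);
    return RESULT_OK;
}

/* Caller-side dispatch: a strict function is never entered with a NULL
 * argument; a non-strict one is always entered and must check for itself. */
static call_status dispatch(c_func fn, bool strict, const call_info *ci,
                            size_t *out)
{
    if (strict)
        for (int i = 0; i < ci->nargs; i++)
            if (ci->isnull[i])
                return RESULT_SQL_NULL;  /* body skipped, result is SQL NULL */
    return fn(ci, out);
}

/* Constructed sample call with two hypothetical required arguments. */
static call_status run(bool strict, const char *name, const char *schema)
{
    call_info ci = { 2, { name, schema }, { name == NULL, schema == NULL } };
    size_t out = 0;
    return dispatch(create_ext_checked, strict, &ci, &out);
}

int main(void) { return run(false, NULL, "public") == RESULT_ERROR ? 0 : 1; }
```

Without the check in `create_ext_checked`, the non-strict path would reach `strlen` with a NULL pointer, which is the class of crash reported above.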