On Sat, 2005-04-30 at 16:17 -0400, Tom Lane wrote: > An example that Elein put up yesterday: > http://archives.postgresql.org/pgsql-general/2005-04/msg01384.php > caused me to realize that type output functions that depend on > additional arguments to determine what they are dealing with are > fundamentally security holes. It is trivial to crash 8.0's record_out > by lying to it about the rowtype of its first argument.
I was bitten by this a little while ago where I was running an OidFunctionCall1(yes, 1) on typoutput's. Andrew on IRC pointed out that calls to recordout out normally used a FunctionCall3, thus showing the reason for the issue. Sometimes junk data in the heap signalled the function to use it instead of the datum tuple's typoid, normally causing a failed cache lookup. I figured it was somehow my fault, but I just couldn't put my finger on it.(thanks again Andrew if you're on here) I imagine this change will also help save others from that mistake as well. ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org