Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit fe578cb

Browse files
committed
Fix datumSerialize infrastructure to not crash on non-varlena data.
Commit 1efc7e5 did a poor job of emulating existing logic for touching Datums that might be expanded-object pointers. It didn't check for typlen being -1 first, which meant it could crash on fixed-length pass-by-ref values, and probably on cstring values as well. It also didn't use DatumGetPointer before VARATT_IS_EXTERNAL_EXPANDED, which while currently harmless is not according to documentation nor prevailing style. I also think the lack of any explanation as to why datumSerialize makes these particular nonobvious choices is pretty awful, so fix that. Per report from Jarred Ward. Back-patch to 9.6 where this code came in. Discussion: https://postgr.es/m/6F61E6D2-2F5E-4794-9479-A429BE1CEA4B@simple.com
1 parent 1924ef4 commit fe578cb

File tree

1 file changed

+13
-5
lines changed

1 file changed

+13
-5
lines changed

src/backend/utils/adt/datum.c

+13-5
Original file line numberDiff line numberDiff line change
@@ -264,11 +264,11 @@ datumEstimateSpace(Datum value, bool isnull, bool typByVal, int typLen)
264264
/* no need to use add_size, can't overflow */
265265
if (typByVal)
266266
sz += sizeof(Datum);
267-
else if (VARATT_IS_EXTERNAL_EXPANDED(value))
267+
else if (typLen == -1 &&
268+
VARATT_IS_EXTERNAL_EXPANDED(DatumGetPointer(value)))
268269
{
269-
ExpandedObjectHeader *eoh = DatumGetEOHP(value);
270-
271-
sz += EOH_get_flat_size(eoh);
270+
/* Expanded objects need to be flattened, see comment below */
271+
sz += EOH_get_flat_size(DatumGetEOHP(value));
272272
}
273273
else
274274
sz += datumGetSize(value, typByVal, typLen);
@@ -282,6 +282,13 @@ datumEstimateSpace(Datum value, bool isnull, bool typByVal, int typLen)
282282
*
283283
* Serialize a possibly-NULL datum into caller-provided storage.
284284
*
285+
* Note: "expanded" objects are flattened so as to produce a self-contained
286+
* representation, but other sorts of toast pointers are transferred as-is.
287+
* This is because the intended use of this function is to pass the value
288+
* to another process within the same database server. The other process
289+
* could not access an "expanded" object within this process's memory, but
290+
* we assume it can dereference the same TOAST pointers this one can.
291+
*
285292
* The format is as follows: first, we write a 4-byte header word, which
286293
* is either the length of a pass-by-reference datum, -1 for a
287294
* pass-by-value datum, or -2 for a NULL. If the value is NULL, nothing
@@ -306,7 +313,8 @@ datumSerialize(Datum value, bool isnull, bool typByVal, int typLen,
306313
header = -2;
307314
else if (typByVal)
308315
header = -1;
309-
else if (VARATT_IS_EXTERNAL_EXPANDED(value))
316+
else if (typLen == -1 &&
317+
VARATT_IS_EXTERNAL_EXPANDED(DatumGetPointer(value)))
310318
{
311319
eoh = DatumGetEOHP(value);
312320
header = EOH_get_flat_size(eoh);

0 commit comments

Comments
 (0)