← Back to branch summary

~ubuntu-branches/ubuntu/utopic/postgresql-9.4/utopic-security

« back to all changes in this revision

Viewing changes to src/backend/utils/adt/rangetypes_selfuncs.c

  • Committer: Package Import Robot
  • Author(s): Martin Pitt, CVE-2014-8161
  • Date: 2015-02-06 12:31:46 UTC
  • mfrom: (1.1.5) (7.1.2 utopic-proposed)
  • Revision ID: package-import@ubuntu.com-20150206123146-vtmf30jbkm7w16p8
Tags: 9.4.1-0ubuntu0.14.10
https://launchpad.net/bugs/1418928
* New upstream security/bug fix release (LP: #1418928)
  - Fix buffer overruns in to_char() [CVE-2015-0241]
  - Fix buffer overruns in contrib/pgcrypto [CVE-2015-0243]
  - Fix possible loss of frontend/backend protocol synchronization after an
    error [CVE-2015-0244]
  - Fix information leak via constraint-violation error messages
    [CVE-2014-8161]
  - See release notes for details about other fixes:
    http://www.postgresql.org/about/news/1569/

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/backend/utils/adt/rangetypes_selfuncs.c
73
73
                        return 0.005;
74
74
 
75
75
                case OID_RANGE_CONTAINS_ELEM_OP:
 
76
                case OID_RANGE_ELEM_CONTAINED_OP:
76
77
 
77
78
                        /*
78
79
                         * "range @> elem" is more or less identical to a scalar
86
87
                case OID_RANGE_GREATER_EQUAL_OP:
87
88
                case OID_RANGE_LEFT_OP:
88
89
                case OID_RANGE_RIGHT_OP:
 
90
                case OID_RANGE_OVERLAPS_LEFT_OP:
 
91
                case OID_RANGE_OVERLAPS_RIGHT_OP:
89
92
                        /* these are similar to regular scalar inequalities */
90
93
                        return DEFAULT_INEQ_SEL;
91
94
 
109
112
        Node       *other;
110
113
        bool            varonleft;
111
114
        Selectivity selec;
112
 
        TypeCacheEntry *typcache;
 
115
        TypeCacheEntry *typcache = NULL;
113
116
        RangeType  *constrange = NULL;
114
117
 
115
118
        /*
186
189
                        constrange = range_serialize(typcache, &lower, &upper, false);
187
190
                }
188
191
        }
189
 
        else
190
 
        {
191
 
                typcache = range_get_typcache(fcinfo, ((Const *) other)->consttype);
 
192
        else if (operator == OID_RANGE_ELEM_CONTAINED_OP)
 
193
        {
 
194
                /*
 
195
                 * Here, the Var is the elem, not the range.  For now we just punt and
 
196
                 * return the default estimate.  In future we could disassemble the
 
197
                 * range constant and apply scalarineqsel ...
 
198
                 */
 
199
        }
 
200
        else if (((Const *) other)->consttype == vardata.vartype)
 
201
        {
 
202
                /* Both sides are the same range type */
 
203
                typcache = range_get_typcache(fcinfo, vardata.vartype);
192
204
 
193
 
                if (((Const *) other)->consttype == vardata.vartype)
194
 
                        constrange = DatumGetRangeType(((Const *) other)->constvalue);
 
205
                constrange = DatumGetRangeType(((Const *) other)->constvalue);
195
206
        }
196
207
 
197
208
        /*
198
209
         * If we got a valid constant on one side of the operator, proceed to
199
210
         * estimate using statistics. Otherwise punt and return a default constant
200
 
         * estimate.
 
211
         * estimate.  Note that calc_rangesel need not handle
 
212
         * OID_RANGE_ELEM_CONTAINED_OP.
201
213
         */
202
214
        if (constrange)
203
215
                selec = calc_rangesel(typcache, &vardata, constrange, operator);
270
282
                 */
271
283
                switch (operator)
272
284
                {
 
285
                                /* these return false if either argument is empty */
273
286
                        case OID_RANGE_OVERLAP_OP:
274
287
                        case OID_RANGE_OVERLAPS_LEFT_OP:
275
288
                        case OID_RANGE_OVERLAPS_RIGHT_OP:
276
289
                        case OID_RANGE_LEFT_OP:
277
290
                        case OID_RANGE_RIGHT_OP:
278
 
                                /* these return false if either argument is empty */
 
291
                                /* nothing is less than an empty range */
 
292
                        case OID_RANGE_LESS_OP:
279
293
                                selec = 0.0;
280
294
                                break;
281
295
 
 
296
                                /* only empty ranges can be contained by an empty range */
282
297
                        case OID_RANGE_CONTAINED_OP:
 
298
                                /* only empty ranges are <= an empty range */
283
299
                        case OID_RANGE_LESS_EQUAL_OP:
284
 
                        case OID_RANGE_GREATER_EQUAL_OP:
285
 
 
286
 
                                /*
287
 
                                 * these return true when both args are empty, false if only
288
 
                                 * one is empty
289
 
                                 */
290
300
                                selec = empty_frac;
291
301
                                break;
292
302
 
 
303
                                /* everything contains an empty range */
293
304
                        case OID_RANGE_CONTAINS_OP:
294
 
                                /* everything contains an empty range */
 
305
                                /* everything is >= an empty range */
 
306
                        case OID_RANGE_GREATER_EQUAL_OP:
295
307
                                selec = 1.0;
296
308
                                break;
297
309
 
 
310
                                /* all non-empty ranges are > an empty range */
 
311
                        case OID_RANGE_GREATER_OP:
 
312
                                selec = 1.0 - empty_frac;
 
313
                                break;
 
314
 
 
315
                                /* an element cannot be empty */
298
316
                        case OID_RANGE_CONTAINS_ELEM_OP:
299
317
                        default:
300
318
                                elog(ERROR, "unexpected operator %u", operator);
443
461
                case OID_RANGE_GREATER_OP:
444
462
                        hist_selec =
445
463
                                1 - calc_hist_selectivity_scalar(typcache, &const_lower,
 
464
                                                                                                 hist_lower, nhist, false);
 
465
                        break;
 
466
 
 
467
                case OID_RANGE_GREATER_EQUAL_OP:
 
468
                        hist_selec =
 
469
                                1 - calc_hist_selectivity_scalar(typcache, &const_lower,
446
470
                                                                                                 hist_lower, nhist, true);
447
471
                        break;
448
472
 
449
 
                case OID_RANGE_GREATER_EQUAL_OP:
450
 
                        hist_selec =
451
 
                                1 - calc_hist_selectivity_scalar(typcache, &const_lower,
452
 
                                                                                                 hist_lower, nhist, false);
453
 
                        break;
454
 
 
455
473
                case OID_RANGE_LEFT_OP:
456
474
                        /* var << const when upper(var) < lower(const) */
457
475
                        hist_selec =