Skip to main content

Browse the archive

https://github.com/postgres/postgres
07 April 2024, 13:56:23 UTC
sort by:
Revision Author Date Message Commit Date
8ec7689 Tom Lane 01 December 2011, 21:55:48 UTC Stamp 8.3.17. 01 December 2011, 21:55:48 UTC
50be28d Tom Lane 01 December 2011, 01:55:18 UTC Update information about configuring SysV IPC parameters on NetBSD. Per Emmanuel Kasper, sysctl works fine as of NetBSD 5.0. 01 December 2011, 01:55:18 UTC
b06231a Tom Lane 01 December 2011, 00:35:05 UTC Draft release notes for 9.1.2, 9.0.6, 8.4.10, 8.3.17, 8.2.23. 01 December 2011, 00:35:05 UTC
48e6495 Tom Lane 30 November 2011, 16:48:05 UTC Update time zone data files to tzdata release 2011n. DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, Samoa. Historical corrections for Alaska and British East Africa. 30 November 2011, 16:49:11 UTC
ed30dff Tom Lane 30 November 2011, 05:37:33 UTC Tweak previous patch to ensure edata->filename always gets initialized. On a platform that isn't supplying __FILE__, previous coding would either crash or give a stale result for the filename string. Not sure how likely that is, but the original code catered for it, so let's keep doing so. 30 November 2011, 05:37:33 UTC
74f0225 Peter Eisentraut 29 November 2011, 20:04:59 UTC Strip file names reported in error messages in vpath builds In vpath builds, the __FILE__ macro that is used in verbose error reports contains the full absolute file name, which makes the error messages excessively verbose. So keep only the base name, thus matching the behavior of non-vpath builds. 30 November 2011, 04:46:52 UTC
322fc5c Andrew Dunstan 28 November 2011, 12:46:15 UTC Backpatch "Use the preferred version of xsubpp." As requested this is backpatched all the way to release 8.2. 28 November 2011, 12:46:15 UTC
fdaff0b Tom Lane 19 November 2011, 05:35:29 UTC Avoid floating-point underflow while tracking buffer allocation rate. When the system is idle for awhile after activity, the "smoothed_alloc" state variable in BgBufferSync converges slowly to zero. With standard IEEE float arithmetic this results in several iterations with denormalized values, which causes kernel traps and annoying log messages on some poorly-designed platforms. There's no real need to track such small values of smoothed_alloc, so we can prevent the kernel traps by forcing it to zero as soon as it's too small to be interesting for our purposes. This issue is purely cosmetic, since the iterations don't happen fast enough for the kernel traps to pose any meaningful performance problem, but still it seems worth shutting up the log messages. The kernel log messages were previously reported by a number of people, but kudos to Greg Matthews for tracking down exactly where they were coming from. 19 November 2011, 05:36:59 UTC
692ca69 Robert Haas 16 November 2011, 01:34:47 UTC Don't elide blank lines when accumulating psql command history. This can change the meaning of queries, if the blank line happens to occur in the middle of a quoted literal, as per complaint from Tomas Vondra. Back-patch to all supported branches. 16 November 2011, 01:36:28 UTC
e7c8efa Peter Eisentraut 10 November 2011, 18:52:54 UTC Fix server header file installation with vpath builds Several server header files would not be installed in vpath builds because they live in the build directory. 10 November 2011, 19:43:05 UTC
3944238 Heikki Linnakangas 08 November 2011, 20:39:43 UTC Make DatumGetInetP() unpack inet datums with a 1-byte header, and add a new macro, DatumGetInetPP(), that does not. This brings these macros in line with other DatumGet*P() macros. Backpatch to 8.3, where 1-byte header varlenas were introduced. 08 November 2011, 20:45:36 UTC
c34088f Tom Lane 05 November 2011, 03:23:33 UTC Don't assume that a tuple's header size is unchanged during toasting. This assumption can be wrong when the toaster is passed a raw on-disk tuple, because the tuple might pre-date an ALTER TABLE ADD COLUMN operation that added columns without rewriting the table. In such a case the tuple's natts value is smaller than what we expect from the tuple descriptor, and so its t_hoff value could be smaller too. In fact, the tuple might not have a null bitmap at all, and yet our current opinion of it is that it contains some trailing nulls. In such a situation, toast_insert_or_update did the wrong thing, because to save a few lines of code it would use the old t_hoff value as the offset where heap_fill_tuple should start filling data. This did not leave enough room for the new nulls bitmap, with the result that the first few bytes of data could be overwritten with null flag bits, as in a recent report from Hubert Depesz Lubaczewski. The particular case reported requires ALTER TABLE ADD COLUMN followed by CREATE TABLE AS SELECT * FROM ... or INSERT ... SELECT * FROM ..., and further requires that there be some out-of-line toasted fields in one of the tuples to be copied; else we'll not reach the troublesome code. The problem can only manifest in this form in 8.4 and later, because before commit a77eaa6a95009a3441e0d475d1980259d45da072, CREATE TABLE AS or INSERT/SELECT wouldn't result in raw disk tuples getting passed directly to heap_insert --- there would always have been at least a junkfilter in between, and that would reconstitute the tuple header with an up-to-date t_natts and hence t_hoff. But I'm backpatching the tuptoaster change all the way anyway, because I'm not convinced there are no older code paths that present a similar risk. 05 November 2011, 03:23:33 UTC
6081757 Peter Eisentraut 04 November 2011, 20:01:35 UTC Fix archive_command example The given archive_command example didn't use %p or %f, which wouldn't really work in practice. 04 November 2011, 20:04:08 UTC
0dddbbc Tom Lane 03 November 2011, 23:18:10 UTC Fix bogus code in contrib/ tsearch dictionary examples. Both dict_int and dict_xsyn were blithely assuming that whatever memory palloc gives back will be pre-zeroed. This would typically work for just about long enough to run their regression tests, and no longer :-(. The pre-9.0 code in dict_xsyn was even lamer than that, as it would happily give back a pointer to the result of palloc(0), encouraging its caller to access off the end of memory. Again, this would just barely fail to fail as long as memory contained nothing but zeroes. Per a report from Rodrigo Hjort that code based on these examples didn't work reliably. 03 November 2011, 23:18:10 UTC
a0bd4f7 Tom Lane 02 November 2011, 17:38:21 UTC Revert "Stop btree indexscans upon reaching nulls in either direction." This reverts commit ff41611ddcce36b8f87b73c65b78d8f71a157302. As pointed out by Naoya Anzai, we need to do more work to make that idea handle end-of-index cases, and it is looking like too much risk for a back-patch. So bug #6278 is only going to be fixed in HEAD. 02 November 2011, 17:38:21 UTC
7e03d28 Tom Lane 01 November 2011, 23:49:01 UTC Fix race condition with toast table access from a stale syscache entry. If a tuple in a syscache contains an out-of-line toasted field, and we try to fetch that field shortly after some other transaction has committed an update or deletion of the tuple, there is a race condition: vacuum could come along and remove the toast tuples before we can fetch them. This leads to transient failures like "missing chunk number 0 for toast value NNNNN in pg_toast_2619", as seen in recent reports from Andrew Hammond and Tim Uckun. The design idea of syscache is that access to stale syscache entries should be prevented by relation-level locks, but that fails for at least two cases where toasted fields are possible: ANALYZE updates pg_statistic rows without locking out sessions that might want to plan queries on the same table, and CREATE OR REPLACE FUNCTION updates pg_proc rows without any meaningful lock at all. The least risky fix seems to be an idea that Heikki suggested when we were dealing with a related problem back in August: forcibly detoast any out-of-line fields before putting a tuple into syscache in the first place. This avoids the problem because at the time we fetch the parent tuple from the catalog, we should be holding an MVCC snapshot that will prevent removal of the toast tuples, even if the parent tuple is outdated immediately after we fetch it. (Note: I'm not convinced that this statement holds true at every instant where we could be fetching a syscache entry at all, but it does appear to hold true at the times where we could fetch an entry that could have a toasted field. We will need to be a bit wary of adding toast tables to low-level catalogs that don't have them already.) An additional benefit is that subsequent uses of the syscache entry should be faster, since they won't have to detoast the field. Back-patch to all supported versions. The problem is significantly harder to reproduce in pre-9.0 releases, because of their willingness to flush every entry in a syscache whenever the underlying catalog is vacuumed (cf CatalogCacheFlushRelation); but there is still a window for trouble. 01 November 2011, 23:49:01 UTC
ff41611 Tom Lane 31 October 2011, 20:40:27 UTC Stop btree indexscans upon reaching nulls in either direction. The existing scan-direction-sensitive tests were overly complex, and failed to stop the scan in cases where it's perfectly legitimate to do so. Per bug #6278 from Maksym Boguk. Back-patch to 8.3, which is as far back as the patch applies easily. Doesn't seem worth sweating over a relatively minor performance issue in 8.2 at this late date. (But note that this was a performance regression from 8.1 and before, so 8.2 is being left as an outlier.) 31 October 2011, 20:40:27 UTC
b52ca45 Tom Lane 29 October 2011, 18:31:12 UTC Fix assorted bogosities in cash_in() and cash_out(). cash_out failed to handle multiple-byte thousands separators, as per bug #6277 from Alexander Law. In addition, cash_in didn't handle that either, nor could it handle multiple-byte positive_sign. Both routines failed to support multiple-byte mon_decimal_point, which I did not think was worth changing, but at least now they check for the possibility and fall back to using '.' rather than emitting invalid output. Also, make cash_in handle trailing negative signs, which formerly it would reject. Since cash_out generates trailing negative signs whenever the locale tells it to, this last omission represents a fail-to-reload-dumped-data bug. IMO that justifies patching this all the way back. 29 October 2011, 18:31:12 UTC
05c3b9a Tom Lane 28 October 2011, 03:09:26 UTC Update docs to point to the timezone library's new home at IANA. The recent unpleasantness with copyrights has accelerated a move that was already in planning. 28 October 2011, 03:09:26 UTC
c401a7c Tom Lane 26 October 2011, 17:02:53 UTC Change FK trigger creation order to better support self-referential FKs. When a foreign-key constraint references another column of the same table, row updates will queue both the PK's ON UPDATE action and the FK's CHECK action in the same event. The ON UPDATE action must execute first, else the CHECK will check a non-final state of the row and possibly throw an inappropriate error, as seen in bug #6268 from Roman Lytovchenko. Now, the firing order of multiple triggers for the same event is determined by the sort order of their pg_trigger.tgnames, and the auto-generated names we use for FK triggers are "RI_ConstraintTrigger_NNNN" where NNNN is the trigger OID. So most of the time the firing order is the same as creation order, and so rearranging the creation order fixes it. This patch will fail to fix the problem if the OID counter wraps around or adds a decimal digit (eg, from 99999 to 100000) while we are creating the triggers for an FK constraint. Given the small odds of that, and the low usage of self-referential FKs, we'll live with that solution in the back branches. A better fix is to change the auto-generated names for FK triggers, but it seems unwise to do that in stable branches because there may be client code that depends on the naming convention. We'll fix it that way in HEAD in a separate patch. Back-patch to all supported branches, since this bug has existed for a long time. 26 October 2011, 17:02:53 UTC
b4cecb5 Tom Lane 18 October 2011, 21:11:18 UTC Fix pg_dump to dump casts between auto-generated types. The heuristic for when to dump a cast failed for a cast between table rowtypes, as reported by Frédéric Rejol. Fix it by setting the "dump" flag for such a type the same way as the flag is set for the underlying table or base type. This won't result in the auto-generated type appearing in the output, since setting its objType to DO_DUMMY_TYPE unconditionally suppresses that. But it will result in dumpCast doing what was intended. Back-patch to 8.3. The 8.2 code is rather different in this area, and it doesn't seem worth any risk to fix a corner case that nobody has stumbled on before. 18 October 2011, 21:11:18 UTC
0a6209f Tom Lane 15 October 2011, 00:24:50 UTC Fix bugs in information_schema.referential_constraints view. This view was being insufficiently careful about matching the FK constraint to the depended-on primary or unique key constraint. That could result in failure to show an FK constraint at all, or showing it multiple times, or claiming that it depended on a different constraint than the one it really does. Fix by joining via pg_depend to ensure that we find only the correct dependency. Back-patch, but don't bump catversion because we can't force initdb in back branches. The next minor-version release notes should explain that if you need to fix this in an existing installation, you can drop the information_schema schema then re-create it by sourcing $SHAREDIR/information_schema.sql in each database (as a superuser of course). 15 October 2011, 00:24:50 UTC
f655c3f Tom Lane 12 October 2011, 17:59:30 UTC Improve documentation of psql's \q command. The documentation neglected to explain its behavior in a script file (it only ends execution of the script, not psql as a whole), and failed to mention the long form \quit either. 12 October 2011, 18:00:20 UTC
3a2f6b5 Heikki Linnakangas 08 October 2011, 08:17:40 UTC Don't let transform_null_equals=on affect CASE foo WHEN NULL ... constructs. transform_null_equals is only supposed to affect "foo = NULL" expressions given directly by the user, not the internal "foo = NULL" expression generated from CASE-WHEN. This fixes bug #6242, reported by Sergey. Backpatch to all supported branches. 08 October 2011, 08:21:14 UTC
b0d5469 Robert Haas 06 October 2011, 16:08:59 UTC Make pgstatindex respond to cancel interrupts. A similar problem for pgstattuple() was fixed in April of 2010 by commit 33065ef8bc52253ae855bc959576e52d8a28ba06, but pgstatindex() seems to have been overlooked. Back-patch all the way, as with that commit, though not to 7.4 through 8.1, since those are now EOL. 06 October 2011, 16:10:35 UTC
ee609b8 Tom Lane 24 September 2011, 02:12:36 UTC Fix our mapping of Windows timezones for Central America. We were mapping "Central America Standard Time" to "CST6CDT", which seems entirely wrong, because according to the Olson timezone database noplace in Central America observes daylight savings time on any regular basis --- and certainly not according to the USA DST rules that are implied by "CST6CDT". (Mexico is an exception, but they can be disregarded since they have a separate timezone name in Windows.) So, map this zone name to plain "CST6", which will provide a fixed UTC offset. As written, this patch will also result in mapping "Central America Daylight Time" to CST6. I considered hacking things so that would still map to CST6CDT, but it seems it would confuse win32tzlist.pl to put those two names in separate entries. Since there's little evidence that any such zone name is used in the wild, much less that CST6CDT would be a good match for it, I'm not too worried about what we do with it. Per complaint from Pratik Chirania. 24 September 2011, 02:14:06 UTC
cef4623 Tom Lane 22 September 2011, 22:06:36 UTC Stamp 8.3.16. 22 September 2011, 22:06:36 UTC
8c3b884 Tom Lane 22 September 2011, 21:39:38 UTC Update release notes for 9.1.1, 9.0.5, 8.4.9, 8.3.16, 8.2.22. Man, we fixed a lotta bugs since April. 22 September 2011, 21:40:35 UTC
3ffe294 Peter Eisentraut 22 September 2011, 19:13:43 UTC Translation updates 22 September 2011, 19:13:43 UTC
0bbbf59 Tom Lane 16 September 2011, 08:28:11 UTC gistendscan() forgot to free so->giststate. This oversight led to a massive memory leak --- upwards of 10KB per tuple --- during creation-time verification of an exclusion constraint based on a GIST index. In most other scenarios it'd just be a leak of 10KB that would be recovered at end of query, so not too significant; though perhaps the leak would be noticeable in a situation where a GIST index was being used in a nestloop inner indexscan. In any case, it's a real leak of long standing, so patch all supported branches. Per report from Harald Fuchs. 16 September 2011, 08:28:11 UTC
7f7ed17 Peter Eisentraut 08 September 2011, 19:09:08 UTC Add missing format argument to ecpg_log() call 08 September 2011, 19:13:27 UTC
ae423dd Tom Lane 07 September 2011, 21:06:39 UTC Fix corner case bug in numeric to_char(). Trailing-zero stripping applied by the FM specifier could strip zeroes to the left of the decimal point, for a format with no digit positions after the decimal point (such as "FM999."). Reported and diagnosed by Marti Raudsepp, though I didn't use his patch. 07 September 2011, 21:06:39 UTC
1f036c3 Tom Lane 06 September 2011, 18:50:28 UTC Avoid possibly accessing off the end of memory in SJIS2004 conversion. The code in shift_jis_20042euc_jis_2004() would fetch two bytes even when only one remained in the string. Since conversion functions aren't supposed to assume null-terminated input, this poses a small risk of fetching past the end of memory and incurring SIGSEGV. No such crash has been identified in the field, but we've certainly seen the equivalent happen in other code paths, so patch this one all the way back. Report and patch by Noah Misch. 06 September 2011, 18:51:31 UTC
3cfb602 Tom Lane 06 September 2011, 18:35:55 UTC Avoid possibly accessing off the end of memory in examine_attribute(). Since the last couple of columns of pg_type are often NULL, sizeof(FormData_pg_type) can be an overestimate of the actual size of the tuple data part. Therefore memcpy'ing that much out of the catalog cache, as analyze.c was doing, poses a small risk of copying past the end of memory and incurring SIGSEGV. No such crash has been identified in the field, but we've certainly seen the equivalent happen in other code paths, so patch this one all the way back. Per valgrind testing by Noah Misch, though this is not his proposed patch. I chose to use SearchSysCacheCopy1 rather than inventing special-purpose infrastructure for copying only the minimal part of a pg_type tuple. 06 September 2011, 18:38:11 UTC
f85efee Tom Lane 06 September 2011, 16:14:51 UTC Update type-conversion documentation for long-ago changes. This example wasn't updated when we changed the behavior of bpcharlen() in 8.0, nor when we changed the number of parameters taken by the bpchar() cast function in 7.3. Per report from lsliang. 06 September 2011, 16:15:19 UTC
4816dbd Tom Lane 05 September 2011, 18:46:31 UTC Update time zone data files to tzdata release 2011i. DST law changes in Canada, Egypt, Russia, Samoa, South Sudan. 05 September 2011, 18:47:48 UTC
95e04d3 Tom Lane 03 September 2011, 20:17:57 UTC Fix typo in pg_srand48 (srand48 in older branches). ">" should be ">>". This typo results in failure to use all of the bits of the provided seed. This might rise to the level of a security bug if we were relying on srand48 for any security-critical purposes, but we are not --- in fact, it's not used at all unless the platform lacks srandom(), which is improbable. Even on such a platform the exposure seems minimal. Reported privately by Andres Freund. 03 September 2011, 20:17:57 UTC
9746401 Andrew Dunstan 01 September 2011, 22:01:42 UTC Supply missing brace omitted by commit 12613cb6b83cac1aa1e7882e84902c445fce3e74. 01 September 2011, 22:01:42 UTC
12613cb Michael Meskes 01 September 2011, 13:27:38 UTC In ecpglib restore LC_NUMERIC in case of an error. 01 September 2011, 13:36:34 UTC
c424383 Heikki Linnakangas 01 September 2011, 06:13:37 UTC Move the line to undefine setlocale() macro on Win32 outside USE_REPL_SNPRINTF ifdef block. It has nothing to do with whether the replacement snprintf function is used. It caused no live bug, because the replacement snprintf function is always used on Win32, but it was nevertheless misplaced. 01 September 2011, 06:18:54 UTC
f81da59 Tom Lane 29 August 2011, 23:52:07 UTC Replace obsolete AC_LANG_FUNC_LINK_TRY autoconf macro. The version of this macro used in autoconf 2.59 is capable of incorrectly succeeding (ie, reporting that a library function is available when it isn't), if the compiler performs link-time optimization and decides that it can optimize the function reference away entirely. Replace it with the coding used in autoconf 2.61 and later, which forces the program result to depend on the function's result so that it cannot be optimized away. This should fix build failures currently being seen on buildfarm member anchovy. This patch affects the 8.2 and 8.3 branches only, since later branches are using autoconf versions that don't have this problem. 29 August 2011, 23:52:07 UTC
d3dcf7a Tom Lane 27 August 2011, 20:37:17 UTC Don't assume that "E" response to NEGOTIATE_SSL_CODE means pre-7.0 server. These days, such a response is far more likely to signify a server-side problem, such as fork failure. Reporting "server does not support SSL" (in sslmode=require) could be quite misleading. But the results could be even worse in sslmode=prefer: if the problem was transient and the next connection attempt succeeds, we'll have silently fallen back to protocol version 2.0, possibly disabling features the user needs. Hence, it seems best to just eliminate the assumption that backing off to non-SSL/2.0 protocol is the way to recover from an "E" response, and instead treat the server error the same as we would in non-SSL cases. I tested this change against a pre-7.0 server, and found that there was a second logic bug in the "prefer" path: the test to decide whether to make a fallback connection attempt assumed that we must have opened conn->ssl, which in fact does not happen given an "E" response. After fixing that, the code does indeed connect successfully to pre-7.0, as long as you didn't set sslmode=require. (If you did, you get "Unsupported frontend protocol", which isn't completely off base given the server certainly doesn't support SSL.) Since there seems no reason to believe that pre-7.0 servers exist anymore in the wild, back-patch to all supported branches. 27 August 2011, 20:37:17 UTC
e5d2db5 Tom Lane 27 August 2011, 18:16:35 UTC Ensure we discard unread/unsent data when abandoning a connection attempt. There are assorted situations wherein PQconnectPoll() will abandon a connection attempt and try again with different parameters (eg, SSL versus not SSL). However, the code forgot to discard any pending data in libpq's I/O buffers when doing this. In at least one case (server returns E message during SSL negotiation), there is unread input data which bollixes the next connection attempt. I have not checked to see whether this is possible in the other cases where we close the socket and retry, but it seems like a matter of good defensive programming to add explicit buffer-flushing code to all of them. This is one of several issues exposed by Daniel Farina's report of misbehavior after a server-side fork failure. This has been wrong since forever, so back-patch to all supported branches. 27 August 2011, 18:16:35 UTC
dc62704 Tom Lane 26 August 2011, 20:51:57 UTC Fix potential memory clobber in tsvector_concat(). tsvector_concat() allocated its result workspace using the "conservative" estimate of the sum of the two input tsvectors' sizes. Unfortunately that wasn't so conservative as all that, because it supposed that the number of pad bytes required could not grow. Which it can, as per test case from Jesper Krogh, if there's a mix of lexemes with positions and lexemes without them in the input data. The fix is to assume that we might add a not-previously-present pad byte for each and every lexeme in the two inputs; which really is conservative, but it doesn't seem worthwhile to try to be more precise. This is an aboriginal bug in tsvector_concat, so back-patch to all versions containing it. 26 August 2011, 20:51:57 UTC
5fd3b6a Tom Lane 25 August 2011, 03:50:31 UTC Fix pgstatindex() to give consistent results for empty indexes. For an empty index, the pgstatindex() function would compute 0.0/0.0 for its avg_leaf_density and leaf_fragmentation outputs. On machines that follow the IEEE float arithmetic standard with any care, that results in a NaN. However, per report from Rushabh Lathia, Microsoft couldn't manage to get this right, so you'd get a bizarre error on Windows. Fix by forcing the results to be NaN explicitly, rather than relying on the division operator to give that or the snprintf function to print it correctly. I have some doubts that this is really the most useful definition, but it seems better to remain backward-compatible with those platforms for which the behavior wasn't completely broken. Back-patch to 8.2, since the code is like that in all current releases. 25 August 2011, 03:50:31 UTC
f4fe6c6 Tom Lane 20 August 2011, 18:51:02 UTC Fix performance problem when building a lossy tidbitmap. As pointed out by Sergey Koposov, repeated invocations of tbm_lossify can make building a large tidbitmap into an O(N^2) operation. To fix, make sure we remove more than the minimum amount of information per call, and add a fallback path to behave sanely if we're unable to fit the bitmap within the requested amount of memory. This has been wrong since the tidbitmap code was written, so back-patch to all supported branches. 20 August 2011, 18:51:48 UTC
8407a11 Tom Lane 16 August 2011, 17:12:23 UTC Fix race condition in relcache init file invalidation. The previous code tried to synchronize by unlinking the init file twice, but that doesn't actually work: it leaves a window wherein a third process could read the already-stale init file but miss the SI messages that would tell it the data is stale. The result would be bizarre failures in catalog accesses, typically "could not read block 0 in file ..." later during startup. Instead, hold RelCacheInitLock across both the unlink and the sending of the SI messages. This is more straightforward, and might even be a bit faster since only one unlink call is needed. This has been wrong since it was put in (in 2002!), so back-patch to all supported releases. 16 August 2011, 17:12:23 UTC
d525555 Heikki Linnakangas 02 August 2011, 07:47:17 UTC Avoid integer overflow when LIMIT + OFFSET >= 2^63. This fixes bug #6139 reported by Hitoshi Harada. 02 August 2011, 08:31:46 UTC
76f7ad1 Tom Lane 28 July 2011, 18:07:23 UTC Fix pg_restore's direct-to-database mode for standard_conforming_strings. pg_backup_db.c contained a mini SQL lexer with which it tried to identify boundaries between SQL commands, but that code was not designed to cope with standard_conforming_strings, and would get the wrong answer if a backslash immediately precedes a closing single quote in such a string, as per report from Julian Mehnle. The bug only affects direct-to-database restores from archive files made with standard_conforming_strings = on. Rather than complicating the code some more to try to fix that, let's just rip it all out. The only reason it was needed was to cope with COPY data embedded into ordinary archive entries, which was a layout that was used only for about the first three weeks of the archive format's existence, and never in any production release of pg_dump. Instead, just rely on the archive file layout to tell us whether we're printing COPY data or not. This bug represents a data corruption hazard in all releases in which standard_conforming_strings can be turned on, ie 8.2 and later, so back-patch to all supported branches. 28 July 2011, 18:07:23 UTC
4810fd1 Peter Eisentraut 26 July 2011, 20:24:35 UTC Add missing newlines at end of error messages 26 July 2011, 20:24:35 UTC
ee27058 Tom Lane 25 July 2011, 03:29:27 UTC Fix previous patch so it also works if not USE_SSL (mea culpa). On balance, the need to cover this case changes my mind in favor of pushing all error-message generation duties into the two fe-secure.c routines. So do it that way. 25 July 2011, 03:29:27 UTC
5097b83 Tom Lane 24 July 2011, 20:29:30 UTC Improve libpq's error reporting for SSL failures. In many cases, pqsecure_read/pqsecure_write set up useful error messages, which were then overwritten with useless ones by their callers. Fix this by defining the responsibility to set an error message to be entirely that of the lower-level function when using SSL. Back-patch to 8.3; the code is too different in 8.2 to be worth the trouble. 24 July 2011, 20:29:30 UTC
551458b Tom Lane 24 July 2011, 19:18:12 UTC Use OpenSSL's SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag. This disables an entirely unnecessary "sanity check" that causes failures in nonblocking mode, because OpenSSL complains if we move or compact the write buffer. The only actual requirement is that we not modify pending data once we've attempted to send it, which we don't. Per testing and research by Martin Pihlak, though this fix is a lot simpler than his patch. I put the same change into the backend, although it's less clear whether it's necessary there. We do use nonblock mode in some situations in streaming replication, so seems best to keep the same behavior in the backend as in libpq. Back-patch to all supported releases. 24 July 2011, 19:18:12 UTC
201d1b2 Michael Meskes 18 July 2011, 17:18:16 UTC Adapted expected result for latest change to ecpglib. 18 July 2011, 17:18:27 UTC
1a02ef3 Michael Meskes 18 July 2011, 14:30:51 UTC Made ecpglib write double with a precision of 15 digits. Patch by Akira Kurosawa <kurosawa-akira@mxc.nes.nec.co.jp>. 18 July 2011, 14:32:42 UTC
821c072 Magnus Hagander 16 July 2011, 17:58:53 UTC Fix SSPI login when multiple roundtrips are required This fixes SSPI login failures showing "The function requested is not supported", often showing up when connecting to localhost. The reason was not properly updating the SSPI handle when multiple roundtrips were required to complete the authentication sequence. Report and analysis by Ahmed Shinwari, patch by Magnus Hagander 16 July 2011, 18:02:34 UTC
dea11bd Heikki Linnakangas 15 July 2011, 07:54:56 UTC Fix two ancient bugs in GiST code to re-find a parent after page split: First, when following a right-link, we incorrectly marked the current page as the parent of the right sibling. In reality, the parent of the right page is the same as the parent of the current page (or some page to the right of it, gistFindCorrectParent() will sort that out). Secondly, when we follow a right-link, we must prepend, not append, the right page to our list of pages to visit. That's because we assume that once we hit a leaf page in the list, all the rest are leaf pages too, and give up. To hit these bugs, you need concurrent actions and several unlucky accidents. Another backend must split the root page, while you're in process of splitting a lower-level page. Furthermore, while you scan the internal nodes to re-find the parent, another backend needs to again split some more internal pages. Even then, the bugs don't necessarily manifest as user-visible errors or index corruption. While we're at it, make the error reporting a bit better if gistFindPath() fails to re-find the parent. It used to be an assertion, but an elog() seems more appropriate. Backpatch to all supported branches. 15 July 2011, 08:06:03 UTC
f6d5c02 Peter Eisentraut 11 July 2011, 16:09:01 UTC Remove excessively backpatched gitignore files These caused directories from future releases to appear in the backbranch tree. 11 July 2011, 16:09:01 UTC
c68040d Tom Lane 05 July 2011, 16:04:40 UTC Fix psql's counting of script file line numbers during COPY. handleCopyIn incremented pset.lineno for each line of COPY data read from a file. This is correct when reading from the current script file (i.e., we are doing COPY FROM STDIN followed by in-line data), but it's wrong if the data is coming from some other file. Per bug #6083 from Steve Haslam. Back-patch to all supported versions. 05 July 2011, 16:06:41 UTC
0b7af46 Heikki Linnakangas 04 July 2011, 19:30:27 UTC Clarify that you need ActiveState perl 5.8 *or later* to build on Windows. 04 July 2011, 19:42:46 UTC
ad3aa1e Andrew Dunstan 04 July 2011, 14:12:27 UTC Back-patch Fix bat file quoting of %ENV from commit 19b7fac8. 04 July 2011, 14:12:27 UTC
8de6e94 Tom Lane 03 July 2011, 20:40:34 UTC Back-patch creation of tar.bz2 tarball during "make dist". Since commit a4d03bbcdaf7739d7e9073ee76bb186f68ddc163, "make dist" has built both gzip- and bzip2-compressed tarballs. However, this was pretty useless, because our tarball build script didn't know about it and proceeded to overwrite the bz2 file with new data. Back-patch the change to all active branches, so that creation of the tar.bz2 file can be removed from the build script. 03 July 2011, 20:40:34 UTC
ca43ce9 Tom Lane 21 June 2011, 18:41:05 UTC Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). A password containing a character with the high bit set was misprocessed on machines where char is signed (which is most). This could cause the preceding one to three characters to fail to affect the hashed result, thus weakening the password. The result was also unportable, and failed to match some other blowfish implementations such as OpenBSD's. Since the fix changes the output for such passwords, upstream chose to provide a compatibility hack: password salts beginning with $2x$ (instead of the usual $2a$ for blowfish) are intentionally processed "wrong" to give the same hash as before. Stored password hashes can thus be modified if necessary to still match, though it'd be better to change any affected passwords. In passing, sync a couple other upstream changes that marginally improve performance and/or tighten error checking. Back-patch to all supported branches. Since this issue is already public, no reason not to commit the fix ASAP. 21 June 2011, 18:42:26 UTC
4ce6714 Tom Lane 20 June 2011, 20:27:48 UTC Fix missed use of "cp -i" in an example, per Fujii Masao. Also be more careful about markup: use &amp; not just &. 20 June 2011, 20:27:48 UTC
23843d2 Tom Lane 17 June 2011, 23:13:21 UTC Don't use "cp -i" in the example WAL archive_command. This is a dangerous example to provide because on machines with GNU cp, it will silently do the wrong thing and risk archive corruption. Worse, during the 9.0 cycle somebody "improved" the discussion by removing the warning that used to be there about that, and instead leaving the impression that the command would work as desired on most Unixen. It doesn't. Try to rectify the damage by providing an example that is safe most everywhere, and then noting that you can try cp -i if you want but you'd better test that. In back-patching this to all supported branches, I also added an example command for Windows, which wasn't provided before 9.0. 17 June 2011, 23:13:21 UTC
9d167bc Tom Lane 17 June 2011, 22:19:26 UTC Obtain table locks as soon as practical during pg_dump. For some reason, when we (I) added table lock acquisition to pg_dump, we didn't think about making it happen as soon as possible after the start of the transaction. What with subsequent additions, there was actually quite a lot going on before we got around to that; which sort of defeats the purpose. Rearrange the order of calls in dumpSchema() to close the risk window as much as we easily can. Back-patch to all supported branches. 17 June 2011, 22:19:26 UTC
da02101 Robert Haas 17 June 2011, 18:28:45 UTC Add overflow checks to int4 and int8 versions of generate_series(). The previous code went into an infinite loop after overflow. In fact, an overflow is not really an error; it just means that the current value is the last one we need to return. So, just arrange to stop immediately when overflow is detected. Back-patch all the way. 17 June 2011, 18:32:55 UTC
1907dca Tom Lane 14 June 2011, 21:14:06 UTC Suppress -arch switches in the output of ExtUtils::Embed. We previously found out that OS X's standard perl installation tries to put -arch switches into Perl link commands, evidently in hopes of building universal binaries. But it doesn't work to add such switches in plperl's link step if they weren't being used earlier, so this is basically unworkable. When using gcc the result is only some warnings; but LLVM fails entirely, so this issue isn't as cosmetic as we originally thought. Hence, back-patch commit d69a419e682c2d39c2355105a7e5e2b90357c8f0 into pre-9.0 branches. 14 June 2011, 21:14:06 UTC
eb5226e Tom Lane 14 June 2011, 20:24:45 UTC Fix assorted issues with build and install paths containing spaces. Apparently there is no buildfarm critter exercising this case after all, because it fails in several places. With this patch, build, install, check-world, and installcheck-world pass for me on OS X. 14 June 2011, 20:24:45 UTC
440a528 Alvaro Herrera 13 June 2011, 21:50:30 UTC Fix aboriginal copy-paste mistake in error message Spotted by Jaime Casanova 13 June 2011, 21:53:28 UTC
6ab5835 Tom Lane 10 June 2011, 21:03:21 UTC Work around gcc 4.6.0 bug that breaks WAL replay. ReadRecord's habit of using both direct references to tmpRecPtr and references to *RecPtr (which is pointing at tmpRecPtr) triggers an optimization bug in gcc 4.6.0, which apparently has forgotten about aliasing rules. Avoid the compiler bug, and make the code more readable to boot, by getting rid of the direct references. Improve the comments while at it. Back-patch to all supported versions, in case they get built with 4.6.0. Tom Lane, with some cosmetic suggestions from Alex Hunsaker 10 June 2011, 21:03:21 UTC
376f93e Magnus Hagander 09 June 2011, 16:21:38 UTC Use the correct eventlog severity for error 09 June 2011, 16:28:07 UTC
9c04b88 Magnus Hagander 09 June 2011, 16:18:45 UTC Support silent mode for service registrations on win32 Using -s when registering a service will now suppress the application eventlog entries stating that the service is starting and started. MauMau 09 June 2011, 16:28:04 UTC
302e4e6 Peter Eisentraut 09 June 2011, 04:24:14 UTC Fix documentation of information_schema.element_types The documentation of the columns collection_type_identifier and dtd_identifier was wrong. This effectively reverts commits 8e1ccad51901e83916dae297cd9afa450957a36c and 57352df66d3a0885899d39c04c067e63c7c0ba30 and updates the name array_type_identifier (the name in SQL:1999) to collection_type_identifier. closes bug #5926 09 June 2011, 04:31:13 UTC
8287c4f Andrew Dunstan 04 June 2011, 23:37:06 UTC Allow building with perl 5.14. Patch from Alex Hunsaker. 04 June 2011, 23:37:06 UTC
28395db Peter Eisentraut 04 June 2011, 19:29:26 UTC ECPG documentation fixes Marc Cousin 04 June 2011, 19:53:16 UTC
f3f6516 Tom Lane 04 June 2011, 19:48:36 UTC Expose the "*VALUES*" alias that we generate for a stand-alone VALUES list. We were trying to make that strictly an internal implementation detail, but it turns out that it's exposed anyway when dumping a view defined like CREATE VIEW test_view AS VALUES (1), (2), (3) ORDER BY 1; This comes out as CREATE VIEW ... ORDER BY "*VALUES*".column1; which fails to parse when reloading the dump. Hacking ruleutils.c to suppress the column qualification looks like it'd be a risky business, so instead promote the RTE alias to full-fledged usability. Per bug #6049 from Dylan Adams. Back-patch to all supported branches. 04 June 2011, 19:48:36 UTC
19fed64 Tom Lane 02 June 2011, 19:31:22 UTC Clean up after erroneous SELECT FOR UPDATE/SHARE on a sequence. My previous commit disallowed this operation, but did nothing about cleaning up the damage if one had already been done. With the operation disallowed, it's okay to just forcibly clear xmax in a sequence's tuple, since any value seen there could not represent a live transaction's lock. So, any sequence-specific operation will repair the problem automatically, whether or not the user has already seen "could not access status of transaction" failures. 02 June 2011, 19:31:22 UTC
d369ddd Tom Lane 02 June 2011, 18:46:31 UTC Disallow SELECT FOR UPDATE/SHARE on sequences. We can't allow this because such an operation stores its transaction XID into the sequence tuple's xmax. Because VACUUM doesn't process sequences (and we don't want it to start doing so), such an xmax value won't get frozen, meaning it will eventually refer to nonexistent pg_clog storage, and even wrap around completely. Since the row lock is ignored by nextval and setval, the usefulness of the operation is highly debatable anyway. Per reports of trouble with pgpool 3.0, which had ill-advisedly started using such commands as a form of locking. In HEAD, also disallow SELECT FOR UPDATE/SHARE on toast tables. Although this does work safely given the current implementation, there seems no good reason to allow it. I refrained from changing that behavior in back branches, however. 02 June 2011, 18:46:31 UTC
ca76a39 Tom Lane 31 May 2011, 21:54:06 UTC Protect GIST logic that assumes penalty values can't be negative. Apparently sane-looking penalty code might return small negative values, for example because of roundoff error. This will confuse places like gistchoose(). Prevent problems by clamping negative penalty values to zero. (Just to be really sure, I also made it force NaNs to zero.) Back-patch to all supported branches. Alexander Korotkov 31 May 2011, 21:54:06 UTC
1d6dd87 Tom Lane 30 May 2011, 23:16:22 UTC Fix portability bugs in use of credentials control messages for peer auth. Even though our existing code for handling credentials control messages has been basically unchanged since 2001, it was fundamentally wrong: it did not ensure proper alignment of the supplied buffer, and it was calculating buffer sizes and message sizes incorrectly. This led to failures on platforms where alignment padding is relevant, for instance FreeBSD on 64-bit platforms, as seen in a recent Debian bug report passed on by Martin Pitt (http://bugs.debian.org//cgi-bin/bugreport.cgi?bug=612888). Rewrite to do the message-whacking using the macros specified in RFC 2292, following a suggestion from Theo de Raadt in that thread. Tested by me on Debian/kFreeBSD-amd64; since OpenBSD and NetBSD document the identical CMSG API, it should work there too. Back-patch to all supported branches. 30 May 2011, 23:16:22 UTC
f064a4f Tom Lane 28 May 2011, 16:36:04 UTC Fix null-dereference crash in parse_xml_decl(). parse_xml_decl's header comment says you can pass NULL for any unwanted output parameter, but it failed to honor this contract for the "standalone" flag. The only currently-affected caller is xml_recv, so the net effect is that sending a binary XML value containing a standalone parameter in its xml declaration would crash the backend. Per bug #6044 from Christopher Dillard. In passing, remove useless initializations of parse_xml_decl's output parameters in xml_parse. Back-patch to 8.3, where this code was introduced. 28 May 2011, 16:36:41 UTC
f014211 Tom Lane 26 May 2011, 23:25:19 UTC Make decompilation of optimized CASE constructs more robust. We had some hacks in ruleutils.c to cope with various odd transformations that the optimizer could do on a CASE foo WHEN "CaseTestExpr = RHS" clause. However, the fundamental impossibility of covering all cases was exposed by Heikki, who pointed out that the "=" operator could get replaced by an inlined SQL function, which could contain nearly anything at all. So give up on the hacks and just print the expression as-is if we fail to recognize it as "CaseTestExpr = RHS". (We must cover that case so that decompiled rules print correctly; but we are not under any obligation to make EXPLAIN output be 100% valid SQL in all cases, and already could not do so in some other cases.) This approach requires that we have some printable representation of the CaseTestExpr node type; I used "CASE_TEST_EXPR". Back-patch to all supported branches, since the problem case fails in all. 26 May 2011, 23:26:04 UTC
9a57eaf Tom Lane 24 May 2011, 18:20:08 UTC Avoid uninitialized bits in the result of QTN2QT(). Found with additional valgrind testing. Noah Misch 24 May 2011, 18:22:05 UTC
18afe42 Tom Lane 23 May 2011, 16:53:00 UTC Install defenses against overflow in BuildTupleHashTable(). The planner can sometimes compute very large values for numGroups, and in cases where we have no alternative to building a hashtable, such a value will get fed directly to BuildTupleHashTable as its nbuckets parameter. There were two ways in which that could go bad. First, BuildTupleHashTable declared the parameter as "int" but most callers were passing "long"s, so on 64-bit machines undetected overflow could occur leading to a bogus negative value. The obvious fix for that is to change the parameter to "long", which is what I've done in HEAD. In the back branches that seems a bit risky, though, since third-party code might be calling this function. So for them, just put in a kluge to treat negative inputs as INT_MAX. Second, hash_create can go nuts with extremely large requested table sizes (notably, my_log2 becomes an infinite loop for inputs larger than LONG_MAX/2). What seems most appropriate to avoid that is to bound the initial table size request to work_mem. This fixes bug #6035 reported by Daniel Schreiber. Although the reported case only occurs back to 8.4 since it involves WITH RECURSIVE, I think it's a good idea to install the defenses in all supported branches. 23 May 2011, 16:53:00 UTC
4919a20 Heikki Linnakangas 19 May 2011, 02:30:24 UTC Replace strdup() with pstrdup(), to avoid leaking memory. It's been like this since the seg module was introduced, so backpatch to 8.2 which is the oldest supported version. 19 May 2011, 02:36:14 UTC
3b65ffa Tom Lane 12 May 2011, 15:56:38 UTC Fix write-past-buffer-end in ldapServiceLookup(). The code to assemble ldap_get_values_len's output into a single string wrote the terminating null one byte past where it should. Fix that, and make some other cosmetic adjustments to make the code a trifle more readable and more in line with usual Postgres coding style. Also, free the "result" string when done with it, to avoid a permanent memory leak. Bug report and patch by Albe Laurenz, cosmetic adjustments by me. 12 May 2011, 15:57:21 UTC
c01da31 Peter Eisentraut 01 May 2011, 22:03:04 UTC Add missing gitignore file 01 May 2011, 22:05:01 UTC
9c52bad Peter Eisentraut 01 May 2011, 21:51:12 UTC Catch errors in for loop in makefile Add "|| exit" so that the rule aborts when a command fails. This is the minimal backpatch version. The fix in head is more elaborate. 01 May 2011, 22:05:01 UTC
fd384cf Tom Lane 01 May 2011, 21:57:55 UTC Make CLUSTER lock the old table's toast table before copying data. We must lock out autovacuuming of the old toast table before computing the OldestXmin horizon we will use. Otherwise, autovacuum could start on the toast table later, compute a later OldestXmin horizon, and remove as DEAD toast tuples that we still need (because we think their parent tuples are only RECENTLY_DEAD). Per further thought about bug #5998. 01 May 2011, 21:57:55 UTC
735d88e Tom Lane 29 April 2011, 20:30:02 UTC Remove special case for xmin == xmax in HeapTupleSatisfiesVacuum(). VACUUM was willing to remove a committed-dead tuple immediately if it was deleted by the same transaction that inserted it. The idea is that such a tuple could never have been visible to any other transaction, so we don't need to keep it around to satisfy MVCC snapshots. However, there was already an exception for tuples that are part of an update chain, and this exception created a problem: we might remove TOAST tuples (which are never part of an update chain) while their parent tuple stayed around (if it was part of an update chain). This didn't pose a problem for most things, since the parent tuple is indeed dead: no snapshot will ever consider it visible. But MVCC-safe CLUSTER had a problem, since it will try to copy RECENTLY_DEAD tuples to the new table. It then has to copy their TOAST data too, and would fail if VACUUM had already removed the toast tuples. Easiest fix is to get rid of the special case for xmin == xmax. This may delay reclaiming dead space for a little bit in some cases, but it's by far the most reliable way to fix the issue. Per bug #5998 from Mark Reid. Back-patch to 8.3, which is the oldest version with MVCC-safe CLUSTER. 29 April 2011, 20:30:02 UTC
67abb95 Tom Lane 29 April 2011, 05:45:21 UTC Rewrite pg_size_pretty() to avoid compiler bug. Convert it to use successive shifts right instead of increasing a divisor. This is probably a tad more efficient than the original coding, and it's nicer-looking than the previous patch because we don't need a special case to avoid overflow in the last branch. But the real reason to do it is to avoid a Solaris compiler bug, as per results from buildfarm member moa. 29 April 2011, 05:45:21 UTC
9c46b7a Heikki Linnakangas 28 April 2011, 09:51:02 UTC The arguments to pg_ctl kill are not optional - remove brackets in the docs. Fujii Masao 28 April 2011, 09:57:24 UTC
1391f1f Tom Lane 27 April 2011, 17:58:54 UTC Fix array- and path-creating functions to ensure padding bytes are zeroes. Per recent discussion, it's important for all computed datums (not only the results of input functions) to not contain any ill-defined (uninitialized) bits. Failing to ensure that can result in equal() reporting that semantically indistinguishable Consts are not equal, which in turn leads to bizarre and undesirable planner behavior, such as in a recent example from David Johnston. We might eventually try to fix this in a general manner by allowing datatypes to define identity-testing functions, but for now the path of least resistance is to expect datatypes to force all unused bits into consistent states. Per some testing by Noah Misch, array and path functions seem to be the only ones presenting risks at the moment, so I looked through all the functions in adt/array*.c and geo_ops.c and fixed them as necessary. In the array functions, the easiest/safest fix is to allocate result arrays with palloc0 instead of palloc. Possibly in future someone will want to look into whether we can just zero the padding bytes, but that looks too complex for a back-patchable fix. In the path functions, we already had a precedent in path_in for just zeroing the one known pad field, so duplicate that code as needed. Back-patch to all supported branches. 27 April 2011, 17:58:54 UTC
049e8b0 Tom Lane 25 April 2011, 20:22:24 UTC Fix pg_size_pretty() to avoid overflow for inputs close to INT64_MAX. The expression that tried to round the value to the nearest TB could overflow, leading to bogus output as reported in bug #5993 from Nicola Cossu. This isn't likely to ever happen in the intended usage of the function (if it could, we'd be needing to use a wider datatype instead); but it's not hard to give the expected output, so let's do so. 25 April 2011, 20:22:24 UTC
3c34d7e Tom Lane 21 April 2011, 00:34:27 UTC Fix bugs in indexing of in-doubt HOT-updated tuples. If we find a DELETE_IN_PROGRESS HOT-updated tuple, it is impossible to know whether to index it or not except by waiting to see if the deleting transaction commits. If it doesn't, the tuple might again be LIVE, meaning we have to index it. So wait and recheck in that case. Also, we must not rely on ii_BrokenHotChain to decide that it's possible to omit tuples from the index. That could result in omitting tuples that we need, particularly in view of yesterday's fixes to not necessarily set indcheckxmin (but it's broken even without that, as per my analysis today). Since this is just an extremely marginal performance optimization, dropping the test shouldn't hurt. These cases are only expected to happen in system catalogs (they're possible there due to early release of RowExclusiveLock in most catalog-update code paths). Since reindexing of a system catalog isn't a particularly performance-critical operation anyway, there's no real need to be concerned about possible performance degradation from these changes. The worst aspects of this bug were introduced in 9.0 --- 8.x will always wait out a DELETE_IN_PROGRESS tuple. But I think dropping index entries on the strength of ii_BrokenHotChain is dangerous even without that, so back-patch removal of that optimization to 8.3 and 8.4. 21 April 2011, 00:34:27 UTC
8cf0208 Tom Lane 19 April 2011, 22:51:12 UTC Avoid changing an index's indcheckxmin horizon during REINDEX. There can never be a need to push the indcheckxmin horizon forward, since any HOT chains that are actually broken with respect to the index must pre-date its original creation. So we can just avoid changing pg_index altogether during a REINDEX operation. This offers a cleaner solution than my previous patch for the problem found a few days ago that we mustn't try to update pg_index while we are reindexing it. System catalog indexes will always be created with indcheckxmin = false during initdb, and with this modified code we should never try to change their pg_index entries. This avoids special-casing system catalogs as the former patch did, and should provide a performance benefit for many cases where REINDEX formerly caused an index to be considered unusable for a short time. Back-patch to 8.3 to cover all versions containing HOT. Note that this patch changes the API for index_build(), but I believe it is unlikely that any add-on code is calling that directly. 19 April 2011, 22:51:12 UTC
6c0635d Tom Lane 19 April 2011, 20:59:34 UTC Revert "Prevent incorrect updates of pg_index while reindexing pg_index itself." This reverts commit 2c69fc0596e0b785dcc990d2942be89f01c213fd of 2011-04-15. There's a better way to do it, which will follow shortly. 19 April 2011, 20:59:34 UTC
2c69fc0 Tom Lane 16 April 2011, 00:19:16 UTC Prevent incorrect updates of pg_index while reindexing pg_index itself. The places that attempt to change pg_index.indcheckxmin during a reindexing operation cannot be executed safely if pg_index itself is the subject of the operation. This is the explanation for a couple of recent reports of VACUUM FULL failing with ERROR: duplicate key value violates unique constraint "pg_index_indexrelid_index" DETAIL: Key (indexrelid)=(2678) already exists. However, there isn't any real need to update indcheckxmin in such a situation, if we assume that pg_index can never contain a truly broken HOT chain. This assumption holds if new indexes are never created on it during concurrent operations, which is something we don't consider safe for any system catalog, not just pg_index. Accordingly, modify the code to not manipulate indcheckxmin when reindexing any system catalog. Back-patch to 8.3, where HOT was introduced. The known failure scenarios involve 9.0-style VACUUM FULL, so there might not be any real risk before 9.0, but let's not assume that. 16 April 2011, 00:19:16 UTC
0844f42 Marc G. Fournier 15 April 2011, 03:18:15 UTC Tag 8.3.15. 15 April 2011, 03:18:15 UTC
back to top