Fix NULLIF()'s handling of read-write expanded objects.

If passed a read-write expanded object pointer, the EEOP_NULLIF code would hand that same pointer to the equality function and then (unless equality was reported) also return the same pointer as its value. This is no good, because a function that receives a read-write expanded object pointer is fully entitled to scribble on or even delete the object, thus corrupting the NULLIF output. (This problem is likely unobservable with the equality functions provided in core Postgres, but it's easy to demonstrate with one coded in plpgsql.)

To fix, make sure the pointer passed to the equality function is read-only. We can still return the original read-write pointer as the NULLIF result, allowing optimization of later operations.

Per bug #18722 from Alexander Lakhin. This has been wrong since we invented expanded objects, so back-patch to all supported branches.

Discussion: https://postgr.es/m/18722-fd9e645448cc7...@postgresql.org

Branch
------
REL_15_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/80cd33bad172c6d625f04d3b4f74f8f00c2a58de

Modified Files
--------------
src/backend/executor/execExpr.c       |  8 ++++++++
src/backend/executor/execExprInterp.c | 14 +++++++++++++-
src/backend/jit/llvm/llvmjit_expr.c   | 33 +++++++++++++++++++++++++++++----
src/include/executor/execExpr.h       |  1 +
src/test/regress/expected/case.out    |  8 ++++++++
src/test/regress/sql/case.sql         |  5 +++++
6 files changed, 64 insertions(+), 5 deletions(-)
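
A toy C model of the aliasing hazard described in the commit message, added here as an illustration; it is not PostgreSQL source and is not taken from the commit. `Obj`, `Handle`, `make_read_only`, `scribbling_eq`, `nullif_buggy` and `nullif_fixed` are hypothetical names, and the in-place normalization stands in for whatever a callee is entitled to do with a read-write object.

```c
#include <stdbool.h>
#include <string.h>

#define N 3
typedef struct { int vals[N]; } Obj;             /* toy "expanded object" */
typedef struct { Obj *obj; bool rw; } Handle;    /* read-write or read-only pointer */

/* Same object, but the callee loses the right to modify it. */
static Handle make_read_only(Handle h) { h.rw = false; return h; }

/* Hypothetical equality on absolute values. Given a read-write handle it
 * normalizes the object in place, which the contract allows; given a
 * read-only handle it works on a private copy. */
static bool scribbling_eq(Handle a, Handle b)
{
    Obj scratch = *a.obj;
    Obj *x = a.rw ? a.obj : &scratch;
    for (int i = 0; i < N; i++)
        if (x->vals[i] < 0) x->vals[i] = -x->vals[i];
    return memcmp(x->vals, b.obj->vals, sizeof x->vals) == 0;
}

/* Before the fix: the callee and the result share one read-write pointer. */
static Handle nullif_buggy(Handle a, Handle b, bool *isnull)
{
    *isnull = scribbling_eq(a, b);
    return a;
}

/* After the fix: the callee sees a read-only pointer, the result stays read-write. */
static Handle nullif_fixed(Handle a, Handle b, bool *isnull)
{
    *isnull = scribbling_eq(make_read_only(a), b);
    return a;
}

/* Constructed input: NULLIF({-1,2,3}, {9,9,9}); returns the result's first element. */
static int demo(bool fixed)
{
    Obj o = {{-1, 2, 3}}, other = {{9, 9, 9}};
    Handle a = {&o, true}, b = {&other, false};
    bool isnull;
    Handle r = fixed ? nullif_fixed(a, b, &isnull) : nullif_buggy(a, b, &isnull);
    return isnull ? 0 : r.obj->vals[0];
}

int main(void) { return (demo(false) == 1 && demo(true) == -1) ? 0 : 1; }
```

In the buggy path the result's first element comes back as 1 instead of -1, because the comparison rewrote the object that NULLIF then returned.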