On Mon, Feb 19, 2024 at 8:30 PM Alexander Lakhin <exclus...@gmail.com> wrote: > > Hello Ashutosh, > > 19.02.2024 15:17, Ashutosh Bapat wrote: > > > >> Functions ATExecAddIdentity() and ATExecDropIdentity() are recursive too, > >> so I think they can be exploited as well. > > not just Identity related functions, but many other functions in > > tablecmds.c have that problem as I mentioned earlier. > > > > Could you please name functions, which you suspect, for me to recheck them? > Perhaps we should consider fixing all of such functions, in light of > b0f7dd915 and d57b7cc33...
Looks like the second commit has fixed all other places I knew except Identity related functions. So worth fixing identity related functions too. I see dropconstraint_internal() has two calls to check_stack_depth() back to back. The second one is not needed? -- Best Wishes, Ashutosh Bapat
