On 13 July 2010 16:44, Thom Brown <thombrown@gmail.com> wrote:
> On 13 July 2010 16:31, Dave Page <dpage@pgadmin.org> wrote:
>> We had a report of the above error from a pgAdmin user testing
>> 1.12.0b3 with PG 9.0b3. The (highly simplified) query below works fine
>> as a superuser:
>>
>> SELECT pg_get_expr(proargdefaults, 'pg_catalog.pg_class'::regclass)
>> FROM pg_proc pr
>> LEFT OUTER JOIN pg_description des ON des.objoid=pr.oid
>>
>> Run as a regular user though, we get the error. If I remove the join,
>> it works fine as the normal user. This is in a database owned by the
>> regular user.
>>
>> Am I missing something obvious, or is there a bug here? pg_get_expr is
>> used pretty extensively in pgAdmin, so we're obviously keen to ensure
>> it works :-)
>>
>
> I tested this on both beta2 and beta3 and can confirm that it works on
> beta2 but produces the following error in beta3:
>
> ********** Error **********
>
> ERROR: argument to pg_get_expr() must come from system catalogs
> SQL state: 42501
>
> Thom
>
And here's why:
http://archives.postgresql.org/pgsql-committers/2010-06/msg00259.php
"stringToNode() and deparse_expression_pretty() crash on invalid input,
but we have nevertheless exposed them to users via pg_get_expr(). It would
be too much maintenance effort to rigorously check the input, so put a hack
in place instead to restrict pg_get_expr() so that the argument must come
from one of the system catalog columns known to contain valid expressions."
Thom
