From: Chao Li <li.evan.chao@gmail.com>
Message-Id: <83AF10FE-7655-43DF-A302-3CAC796B572F@gmail.com>
Content-Type: multipart/mixed;
	boundary="Apple-Mail=_DA07ABE3-07C9-4063-AA92-71EB81B51BE9"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.600.51.1.1\))
Subject: Re: Avoid leaking system path from pg_available_extensions
Date: Tue, 26 May 2026 15:14:25 +0800
In-Reply-To: <87c8f8ac-614b-4679-afc7-f591b76c8ff7@gmail.com>
Cc: Jim Jones <jim.jones@uni-muenster.de>,
 PostgreSQL-development <pgsql-hackers@postgresql.org>,
 Andrew Dunstan <andrew@dunslane.net>
To: Matheus Alcantara <matheusssilv97@gmail.com>
References: <357C774A-ECE9-4455-B641-315205D4D9A1@gmail.com>
 <96203151-6929-4d88-85a0-d552ee258a24@gmail.com>
 <cf40d36e-e45a-41c2-aea1-7834bcb62da9@uni-muenster.de>
 <87c8f8ac-614b-4679-afc7-f591b76c8ff7@gmail.com>
Archived-At: 
 <https://www.postgresql.org/message-id/83AF10FE-7655-43DF-A302-3CAC796B572F%40gmail.com>
Precedence: bulk


--Apple-Mail=_DA07ABE3-07C9-4063-AA92-71EB81B51BE9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


> On May 22, 2026, at 23:40, Matheus Alcantara =
<matheusssilv97@gmail.com> wrote:
>=20
> On 22/05/26 04:25, Jim Jones wrote:
>> On 21/05/2026 17:12, Matheus Alcantara wrote:
>>> I've reproduced the issue and the fix looks correct to me.
>> same here, +1
>=20
> Thank you for also testing.
>=20
>> I was wondering if creating a constant for it would be, stylistically
>> speaking, a cleaner solution. For instance:
>> #define EXTENSION_SYSTEM_MACRO  "$system"
>> I realize that it's used only inside =
get_extension_control_directories()
>> but since it is even mentioned in the docs, I guess it wouldn't be a =
bad
>> idea.
>=20
> I'm not against it but I don't think that it's necessary since as you =
mention, only get_extension_control_directories() use.
>=20
> --
> Matheus Alcantara
> EDB: https://www.enterprisedb.com

In theory, I=E2=80=99m not against the idea either. In practice, there =
are many hard-coded strings in the source tree, and I=E2=80=99m not sure =
where the right place would be to define this macro.

Since this string is only used in get_extension_control_directories(), =
and now it is used three times, I defined it at the beginning of the =
function and undefined it at the end. Let=E2=80=99s see if there are any =
objections to that.

Please see the attached v2.
Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/


--Apple-Mail=_DA07ABE3-07C9-4063-AA92-71EB81B51BE9
Content-Disposition: attachment;
	filename=v2-0001-Avoid-leaking-system-path-from-pg_available_exten.patch
Content-Type: application/octet-stream;
	x-unix-mode=0644;
	name="v2-0001-Avoid-leaking-system-path-from-pg_available_exten.patch"
Content-Transfer-Encoding: quoted-printable

=46rom=20eaf271a14944df7df87601827f5f5e4909e38c33=20Mon=20Sep=2017=20=
00:00:00=202001=0AFrom:=20"Chao=20Li=20(Evan)"=20<lic@highgo.com>=0A=
Date:=20Wed,=2020=20May=202026=2008:49:15=20+0800=0ASubject:=20[PATCH=20=
v2]=20Avoid=20leaking=20system=20path=20from=20pg_available_extensions=0A=
=0AThe=20documentation=20says=20that=20when=20extension_control_path=20=
is=20set=20to=20an=0Aempty=20string,=20the=20default=20'$system'=20path=20=
is=20still=20assumed.=20=20However,=0A=
get_extension_control_directories()=20added=20the=20system=20extension=20=
directory=0Awith=20a=20NULL=20macro=20in=20that=20case.=20=20As=20a=20=
result,=20pg_available_extensions=0Acould=20expose=20the=20expanded=20=
system=20directory=20path=20instead=20of=20reporting=0A'$system'=20as=20=
the=20location.=0A=0ARecord=20the=20implicitly-added=20system=20=
directory=20with=20the=20'$system'=20macro,=20so=0A=
pg_available_extensions=20reports=20the=20documented=20symbolic=20=
location=20and=20does=0Anot=20leak=20the=20actual=20system=20path.=0A=0A=
Update=20the=20extension_control_path=20TAP=20test=20to=20check=20the=20=
reported=20location=0Adirectly.=0A=0AAuthor:=20Chao=20Li=20=
<lic@highgo.com>=0AReviewed-by:=20Lu=20Feng=20<fnlo1995@gmail.com>=0A=
Reviewed-by:=20Matheus=20Alcantara=20<matheusssilv97@gmail.com>=0A=
Reviewed-by:=20Jim=20Jones=20<jim.jones@uni-muenster.de>=0ADiscussion:=20=
https://postgr.es/m/357C774A-ECE9-4455-B641-315205D4D9A1@gmail.com=0A---=0A=
=20src/backend/commands/extension.c=20=20=20=20=20=20=20=20=20=20=20=20=20=
=20=20=20=20=20=20=20=20=20=20=20=20=20|=208=20+++++---=0A=20=
.../test_extensions/t/001_extension_control_path.pl=20=20=20=20=20=20=20=
|=206=20+++---=0A=202=20files=20changed,=208=20insertions(+),=206=20=
deletions(-)=0A=0Adiff=20--git=20a/src/backend/commands/extension.c=20=
b/src/backend/commands/extension.c=0Aindex=20a330b5fd6ce..d073585c421=20=
100644=0A---=20a/src/backend/commands/extension.c=0A+++=20=
b/src/backend/commands/extension.c=0A@@=20-513,6=20+513,7=20@@=20=
is_extension_script_filename(const=20char=20*filename)=0A=20static=20=
List=20*=0A=20get_extension_control_directories(void)=0A=20{=0A+#define=20=
EXTENSION_SYSTEM_MACRO=20=20"$system"=0A=20=09char=09=09=
sharepath[MAXPGPATH];=0A=20=09char=09=20=20=20*system_dir;=0A=20=09char=09=
=20=20=20*ecp;=0A@@=20-526,7=20+527,7=20@@=20=
get_extension_control_directories(void)=0A=20=09{=0A=20=09=09=
ExtensionLocation=20*location=20=3D=20palloc_object(ExtensionLocation);=0A=
=20=0A-=09=09location->macro=20=3D=20NULL;=0A+=09=09location->macro=20=3D=20=
pstrdup(EXTENSION_SYSTEM_MACRO);=0A=20=09=09location->loc=20=3D=20=
system_dir;=0A=20=09=09paths=20=3D=20lappend(paths,=20location);=0A=20=09=
}=0A@@=20-556,10=20+557,10=20@@=20=
get_extension_control_directories(void)=0A=20=09=09=09=20*=20Substitute=20=
the=20path=20macro=20if=20needed=20or=20append=20"extension"=0A=20=09=09=09=
=20*=20suffix=20if=20it=20is=20a=20custom=20extension=20control=20path.=0A=
=20=09=09=09=20*/=0A-=09=09=09if=20(strcmp(piece,=20"$system")=20=3D=3D=20=
0)=0A+=09=09=09if=20(strcmp(piece,=20EXTENSION_SYSTEM_MACRO)=20=3D=3D=20=
0)=0A=20=09=09=09{=0A=20=09=09=09=09location->macro=20=3D=20=
pstrdup(piece);=0A-=09=09=09=09mangled=20=3D=20=
substitute_path_macro(piece,=20"$system",=20system_dir);=0A+=09=09=09=09=
mangled=20=3D=20substitute_path_macro(piece,=20EXTENSION_SYSTEM_MACRO,=20=
system_dir);=0A=20=09=09=09}=0A=20=09=09=09else=0A=20=09=09=09{=0A@@=20=
-582,6=20+583,7=20@@=20get_extension_control_directories(void)=0A=20=09}=0A=
=20=0A=20=09return=20paths;=0A+#undef=20EXTENSION_SYSTEM_MACRO=0A=20}=0A=20=
=0A=20/*=0Adiff=20--git=20=
a/src/test/modules/test_extensions/t/001_extension_control_path.pl=20=
b/src/test/modules/test_extensions/t/001_extension_control_path.pl=0A=
index=20c1cec0dc622..4a013a7da4b=20100644=0A---=20=
a/src/test/modules/test_extensions/t/001_extension_control_path.pl=0A+++=20=
b/src/test/modules/test_extensions/t/001_extension_control_path.pl=0A@@=20=
-109,10=20+109,10=20@@=20is($ret,=20"t",=0A=20=09"\$system=20extension=20=
is=20shown=20correctly=20in=20pg_available_extensions");=0A=20=0A=20$ret=20=
=3D=20$node->safe_psql('postgres',=0A-=09"set=20extension_control_path=20=
=3D=20'';=20select=20count(*)=20>=200=20as=20ok=20from=20=
pg_available_extensions=20where=20name=20=3D=20'plpgsql'"=0A+=09"set=20=
extension_control_path=20=3D=20'';=20select=20location=20from=20=
pg_available_extensions=20where=20name=20=3D=20'plpgsql'"=0A=20);=0A=
-is($ret,=20"t",=0A-=09"\$system=20extension=20is=20shown=20correctly=20=
in=20pg_available_extensions=20with=20empty=20extension_control_path"=0A=
+is($ret,=20"\$system",=0A+=09"\$system=20location=20is=20shown=20=
correctly=20in=20pg_available_extensions=20with=20empty=20=
extension_control_path"=0A=20);=0A=20=0A=20#=20Test=20with=20an=20=
extension=20that=20does=20not=20exists=0A--=20=0A2.50.1=20(Apple=20=
Git-155)=0A=0A=

--Apple-Mail=_DA07ABE3-07C9-4063-AA92-71EB81B51BE9--