SegFault in 7.0.3 libpq.so.2.1

Hi all,

if this is already known, I'm sorry. My search in the Mailing list archives
via the web interface yielded nothing.

In my setup, which is RedHat 7.0, libc-2.2, glibc 2.96 (yes, the bad one)
and perl 5.6.0 with DBI-1.14 and DBD-Pg-0.95 libpq.so.2.1 segfaults due to
a null pointer dereference in printfPQExpBuffer.


This is my gdb output so far:

[hekker@rincewind dnsadmin2]$ gdb /usr/bin/perl core
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...
Core was generated by `perl zonemod.pl addzone nudl.bla'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from
/usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/DBI/DBI.so..
.done.
Loaded symbols for
/usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/DBI/DBI.so
Reading symbols from
/usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/DBD/Pg/Pg.so
...done.
Loaded symbols for
/usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/DBD/Pg/Pg.so
Reading symbols from /opt/postgres/lib/libpq.so.2.1...done.
Loaded symbols for /opt/postgres/lib/libpq.so.2.1
#0  _IO_vsnprintf (string=0x0, maxlen=255,   format=0x401f5ce0 "PQsendQuery() -- There is no connection to the
backend.\n
---Type <return> to continue, or q <return> to quit---q
Quit
) at vsnprintf.c:127
127     vsnprintf.c: No such file or directory.
(gdb) bt
#0  _IO_vsnprintf (string=0x0, maxlen=255,   format=0x401f5ce0 "PQsendQuery() -- There is no connection to the
backend.\n
", args=0xbffff620) at vsnprintf.c:127
#1  0x401f4c2f in printfPQExpBuffer () from /opt/postgres/lib/libpq.so.2.1
#2  0x401f0307 in PQsendQuery () from /opt/postgres/lib/libpq.so.2.1
#3  0x401f0dc9 in PQexec () from /opt/postgres/lib/libpq.so.2.1
#4  0x401e455c in dbd_db_commit ()  from /usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/DBD/Pg/Pg.so
#5  0x401e10c6 in XS_DBD__Pg__db_commit ()  from /usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/DBD/Pg/Pg.so
#6  0x401d57f7 in XS_DBI_dispatch ()  from /usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/DBI/DBI.so
#7  0x809ddae in Perl_pp_entersub ()
#8  0x809865a in Perl_runops_standard ()
#9  0x805bfbe in perl_run ()
#10 0x805bd22 in perl_run ()
#11 0x8059a11 in main ()
#12 0x40074a7c in __libc_start_main (main=0x80599a0 <main>, argc=4,   ubp_av=0xbffffa4c, init=0x8058b80 <_init>,
fini=0x80df51c
<_fini>,   rtld_fini=0x4000d684 <_dl_fini>, stack_end=0xbffffa44)   at ../sysdeps/generic/libc-start.c:111


In this case, I called $dbh->commit on the database handler in Perl.
Apparantely the connection was not valid at that point. I noticed segfaults
in several such conditions (performing operations on a database handler
with invalid connection).

I was able to trace it back (not to hard anyway, given above output). A
simple check avoids these segfaults, although now an operation on an
illegal dbh just returns an error without message:

A simple check avoids this segfault:

*** pqexpbuffer.c       Fri Jan 19 13:10:48 2001
--- pqexpbuffer.c.new   Fri Jan 19 13:10:42 2001
***************
*** 167,172 ****
--- 167,173 ----       size_t          avail;       int                     nprinted;

+       if (str->data == NULL) return;       resetPQExpBuffer(str);
       for (;;)


As this was my first peek into the source of PostgreSQL I can't provide
more details. 


Greets,

-- 
Heinz Ekker, Operations Center 
Netway Communications AG, Hollandstraße 11-13, A-1020 Wien
phone +43 1 99 599 200/fax +43 1 99 599 191
http://www.netway.at/ mailto:hekker@netway.at