Server may segfault when using slices on int2vector
From | Ronan Dunklau |
---|---|
Subject | Server may segfault when using slices on int2vector |
Date | |
Msg-id | 2450353.1U6Qoyzd8o@ronan_laptop |
Responses | Re: Server may segfault when using slices on int2vector |
List | pgsql-bugs |

Hello.

While building a query on the pg_index relation, I came across a bug whose simplest form is manifested as this:

```
select a.indkey[1:3], a.indkey[1:2] from pg_index as a
```

This can result either in a segfault, a failed memory allocation or gibberish results.

For example, this is a backtrace I could produce while running the above query. It turns out that the int2vector->dim1 member has a dummy value.

```
#0  int2vectorout (fcinfo=<optimized out>) at int.c:192
#1  0x000000000071b445 in FunctionCall1Coll (flinfo=flinfo@entry=0x1ec1360, collation=collation@entry=0, arg1=arg1@entry=32251408) at fmgr.c:1297
#2  0x000000000071c58e in OutputFunctionCall (flinfo=0x1ec1360, val=32251408) at fmgr.c:1950
#3  0x000000000046977d in printtup (slot=0x1ec0300, self=0x1e34c28) at printtup.c:359
#4  0x000000000057eae2 in ExecutePlan (dest=0x1e34c28, direction=<optimized out>, numberTuples=0, sendTuples=1 '\001', operation=CMD_SELECT, planstate=0x1ebff10, estate=0x1ebfe00) at execMain.c:1499
#5  standard_ExecutorRun (queryDesc=0x1e96320, direction=<optimized out>, count=0) at execMain.c:308
#6  0x0000000000652fc8 in PortalRunSelect (portal=portal@entry=0x1ee2680, forward=forward@entry=1 '\001', count=0, count@entry=9223372036854775807, dest=dest@entry=0x1e34c28) at pquery.c:946
#7  0x000000000065432f in PortalRun (portal=portal@entry=0x1ee2680, count=count@entry=9223372036854775807, isTopLevel=isTopLevel@entry=1 '\001', dest=dest@entry=0x1e34c28, altdest=altdest@entry=0x1e34c28, completionTag=completionTag@entry=0x7fff90242090 "") at pquery.c:790
#8  0x00000000006520e5 in exec_simple_query (query_string=0x1e7cfa0 "select \n a.indkey[1:3],\n a.indkey[1:2]\nfrom pg_index as a;") at postgres.c:1048
#9  PostgresMain (argc=<optimized out>, argv=argv@entry=0x1e1b8e8, dbname=0x1e1b798 "postgres", username=<optimized out>) at postgres.c:3992
#10 0x000000000046607d in BackendRun (port=0x1e39b30) at postmaster.c:4085
#11 BackendStartup (port=0x1e39b30) at postmaster.c:3774
#12 ServerLoop () at postmaster.c:1585
#13 0x00000000006123b1 in PostmasterMain (argc=argc@entry=3, argv=argv@entry=0x1e19550) at postmaster.c:1240
#14 0x00000000004669f5 in main (argc=3, argv=0x1e19550) at main.c:196
```

--
Ronan Dunklau
http://dalibo.com - http://dalibo.org