Alexander Korotkov <aekorotkov@gmail.com> writes:
> With current head I can't load the delicious dataset into jsonb format. I got
> a segfault. It looks like memory corruption.
The proximate cause of this seems to be that reserveFromBuffer() fails
to consider the possibility that it needs to more-than-double the
current buffer size. This change makes the crash go away for me:
diff --git a/src/backend/utils/adt/jsonb_util.c b/src/backend/utils/adt/jsonb_util.c
index 832a08d..0c4af04 100644
*** a/src/backend/utils/adt/jsonb_util.c
--- b/src/backend/utils/adt/jsonb_util.c
*************** reserveFromBuffer(convertState *buffer,
*** 1186,1192 **** /* Make more room if needed */ if (buffer->len + len > buffer->allocatedsz) {
! buffer->allocatedsz *= 2; buffer->buffer = repalloc(buffer->buffer, buffer->allocatedsz); }
--- 1186,1195 ---- /* Make more room if needed */ if (buffer->len + len > buffer->allocatedsz) {
! do
! {
! buffer->allocatedsz *= 2;
! } while (buffer->len + len > buffer->allocatedsz); buffer->buffer = repalloc(buffer->buffer,
buffer->allocatedsz); }
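Review bot: the do/while still does no overflow checking, which the surrounding discussion itself points out: neither `buffer->len + len` nor `buffer->allocatedsz *= 2` is guarded against wrapping, so a request near the allocator's limit either spins in the loop (allocatedsz wrapping through zero never satisfies the condition) or hands repalloc a size smaller than what was asked for. Check the request before any arithmetic, e.g. reject when `len > MaxAllocSize - buffer->len` and clamp the doubled size to MaxAllocSize, which is what enlargeStringInfo() already does; the loop also assumes allocatedsz is nonzero on entry, which the hunk does not assert.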
However, what it looks to me like we've got here is a very bad
reimplementation of StringInfo buffers. There is for example no
integer-overflow checking here. Rather than try to bring this code
up to speed, I think we should rip it out and use StringInfo.
regards, tom lane
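The growth bug described above, reproduced in a standalone C buffer, as an added example that is not PostgreSQL code: reserve_once() is the pre-patch single doubling, which leaves the capacity short of len + need (the following memcpy then writes past the allocation), and reserve_checked() is a replacement that bounds the request before any arithmetic can wrap, doubles until it fits, and clamps to a limit. MAX_ALLOC_SIZE, the growbuf type and all function names are assumptions for this example; the limit is modelled on PostgreSQL's MaxAllocSize (1 GB - 1).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound on one allocation, modelled on PostgreSQL's MaxAllocSize. */
#define MAX_ALLOC_SIZE ((size_t) 0x3fffffff)

typedef struct {
    char  *buffer;
    size_t len;          /* bytes in use */
    size_t allocatedsz;  /* bytes allocated */
} growbuf;

/* Small initial allocation so the growth paths are exercised quickly. */
static int growbuf_init(growbuf *b, size_t initial) {
    if (initial == 0 || initial > MAX_ALLOC_SIZE) return 0;
    b->buffer = malloc(initial);
    if (b->buffer == NULL) return 0;
    b->len = 0;
    b->allocatedsz = initial;
    return 1;
}

/*
 * Pre-patch growth step: double exactly once. Returns the resulting capacity,
 * which may still be smaller than len + need; a memcpy of `need` bytes after
 * this call would then overrun the heap block (the corruption behind the crash).
 */
static size_t reserve_once(growbuf *b, size_t need) {
    if (b->len + need > b->allocatedsz) {
        b->allocatedsz *= 2;
        b->buffer = realloc(b->buffer, b->allocatedsz);
    }
    return b->allocatedsz;
}

/*
 * Checked replacement. Returns 1 when len + need fits afterwards, 0 when the
 * request exceeds the limit or the allocation fails. No size_t arithmetic here
 * can wrap: the request is bounded first, and required < 2^30 keeps doubling safe.
 */
static int reserve_checked(growbuf *b, size_t need) {
    if (need > MAX_ALLOC_SIZE - b->len) return 0;   /* subtraction form: no wrap */
    size_t required = b->len + need;
    if (required <= b->allocatedsz) return 1;

    size_t newsz = b->allocatedsz;                   /* nonzero: growbuf_init guarantees it */
    do {
        newsz *= 2;
    } while (newsz < required);
    if (newsz > MAX_ALLOC_SIZE) newsz = MAX_ALLOC_SIZE;

    char *p = realloc(b->buffer, newsz);
    if (p == NULL) return 0;
    b->buffer = p;
    b->allocatedsz = newsz;
    return 1;
}

/* Append through the checked path; the copy happens only once space is certain. */
static int growbuf_append(growbuf *b, const void *data, size_t n) {
    if (!reserve_checked(b, n)) return 0;
    memcpy(b->buffer + b->len, data, n);
    b->len += n;
    return 1;
}

static void growbuf_free(growbuf *b) {
    free(b->buffer);
    b->buffer = NULL;
    b->len = b->allocatedsz = 0;
}

/* Reproduce the report in miniature: 16-byte buffer, one 100-byte reservation. */
static size_t demo_capacity_after_single_doubling(void) {
    growbuf b;
    if (!growbuf_init(&b, 16)) return 0;
    size_t cap = reserve_once(&b, 100);              /* 32, still short of 100 */
    growbuf_free(&b);
    return cap;
}

static size_t demo_capacity_after_checked_growth(void) {
    growbuf b;
    if (!growbuf_init(&b, 16)) return 0;
    size_t cap = reserve_checked(&b, 100) ? b.allocatedsz : 0;   /* 128 */
    growbuf_free(&b);
    return cap;
}

/* Overflow probe: len near the limit, or a request that would wrap len + need. */
static int demo_rejects_oversized(size_t len, size_t need) {
    growbuf b;
    if (!growbuf_init(&b, 16)) return -1;
    b.len = len;                                     /* pretend usage; nothing is written */
    int ok = reserve_checked(&b, need);
    growbuf_free(&b);
    return ok;
}

int main(void) {
    printf("single doubling: capacity %zu for 100 bytes\n", demo_capacity_after_single_doubling());
    printf("checked growth:  capacity %zu for 100 bytes\n", demo_capacity_after_checked_growth());
    printf("near-limit request accepted: %d\n", demo_rejects_oversized(MAX_ALLOC_SIZE - 10, 20));
    printf("wrapping request accepted:   %d\n", demo_rejects_oversized(0, SIZE_MAX));
    return 0;
}
```

Building the buggy path with AddressSanitizer and following reserve_once() with a 100-byte memcpy reports the heap overflow directly; the checked path refuses the near-limit and wrapping requests instead of passing a wrapped size to realloc.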