Re: BUG #16176: NULL value returned by category_sql argument tocrosstab() causes segmentation fault

Поиск
Список
Период
Сортировка
От Joe Conway
Тема Re: BUG #16176: NULL value returned by category_sql argument tocrosstab() causes segmentation fault
Дата
Msg-id 8d8ef71e-a347-67be-696a-3bdd259ec9fb@joeconway.com
обсуждение исходный текст
Ответ на Re: BUG #16176: NULL value returned by category_sql argument to crosstab() causes segmentation fault  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: BUG #16176: NULL value returned by category_sql argument to crosstab() causes segmentation fault  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-bugs
Дерево обсуждения 
On 12/20/19 1:00 PM, Tom Lane wrote:
> PG Bug reporting form <noreply@postgresql.org> writes:
>>     -- this will crash pg12, but not version() < 12 - note NULL value in
>> categories query:
>>     select * from crosstab ('values (1, 2, 12), (1, 3, 13), (2, 2, 22), (2,
>> 3, 23), (3, 2, 32), (3, 3, 33) order by 1, 2, 3', 'values (2), (null)') as
>> rr (a int, "2" int, "3" int);
>
> Yeah, duplicated here.  It seems tablefunc is passing a NULL string
> pointer to sprintf().  Previously, that would work on some platforms
> and crash on others --- as of v12, it crashes everywhere.
>
> What we need here is to figure out what the hashtab string key ought
> to be for a NULL category.  I suspect what was happening before
> (on non-crashing platforms) was that you implicitly got "(nil)"
> or some spelling like that, which is not great because it could
> conflict with a valid user key.  Alternatively, we could refuse
> NULL category values ... not sure if that's desirable.
>
> Anyway, this is *not* a new bug, it's just possible to hit it on
> more platforms now.

It appears that in pg11 (and presumably prior) when snprintf() is called
it is resolved (here at least )to __GI___snprintf() which comes directly
from libc. On my desktop machine the system snprintf() deals with a null
pointer argument without crashing. I guess this is why the crash was
platform dependent.

In pg12 (and presumably master), it is resolved to our own port function
pg_snprintf(), which in turn works its way to dopr(), where strlen() is
called on a null pointer and "<boom>". Undoubtedly strlen() is a bit
more consistent than snprintf() across platforms in this regard.

From what I can see, even on pg11 and prior, having a null category
never did anything useful. And in the 16 years or so since this has been
around, no one in my memory ever asked for that functionality, so I am
inclined to refuse NULL category values unless someone wants to make a
good case otherwise.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
Вложения

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tomas Vondra
Дата:
Сообщение: Re: Indexing on JSONB field not working
Следующее
От: Tom Lane
Дата:
Сообщение: Re: BUG #16104: Invalid DSA Memory Alloc Request in Parallel Hash