| From: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> |
|---|---|
| To: | cilizili(at)protonmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #16144: Segmentation fault on dict_int extension |
| Date: | 2019-12-03 18:06:53 |
| Message-ID: | 20191203180653.dyuopwzpvz2iqz2c@development |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Tue, Dec 03, 2019 at 06:52:11PM +0100, Tomas Vondra wrote:
>On Mon, Dec 02, 2019 at 05:19:20PM +0100, Tomas Vondra wrote:
>>On Mon, Dec 02, 2019 at 12:41:21PM +0000, PG Bug reporting form wrote:
>>>The following bug has been logged on the website:
>>>
>>>Bug reference: 16144
>>>Logged by: cili
>>>Email address: cilizili(at)protonmail(dot)com
>>>PostgreSQL version: 12.1
>>>Operating system: CentOS 7.4
>>>Description:
>>>
>>>The dict_int extension is an example of an add-on dictionary template for
>>>full-text search. The 'intdict' is a built-in dictionary. If we set MAXLEN
>>>parameter with negative value for the dictionary, ts_lexize function causes
>>>a segmentation fault. The negative limit for MAXLEN which causes
>>>segmentation fault is environment dependent.
>>>
>>># initdb
>>># pg_ctl -D /var/lib/pgsql/data -l logfile start
>>># psql
>>>
>>>postgres=# CREATE EXTENSION dict_int;
>>>CREATE EXTENSION
>>>postgres=# ALTER TEXT SEARCH DICTIONARY intdict (MAXLEN = -214783648);
>>>ALTER TEXT SEARCH DICTIONARY
>>>postgres=# select ts_lexize('intdict', '12345678');
>>>server closed the connection unexpectedly
>>> This probably means the server terminated abnormally
>>> before or while processing the request.
>>>The connection to the server was lost. Attempting reset: Failed.
>>>!>
>>>!>\q
>>>
>>
>>Yeah, this seems to be a failure in evaluating maxlen parameter. It's
>>set to 6 by default, but we simply trust whatever value the user gives
>>us, and then we do this
>>
>> txt[d->maxlen] = '\0';
>>
>>which fails for obvious reasons.
>>
>>Will fix by rejecting maxlen values less than 1. The docs don't say
>>which value should the the minimum, but 0 seems useless.
>>
>
>I've pushed a fix for this, rejecting maxlen values less than 1. I also
>backpatched this to all supported releases (the issue exists since 9.3).
>
Damn, a silly typo in the commit subject (leat -> least) ... :-/
regards
--
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mahendra Singh | 2019-12-03 18:22:39 | Re: BUG #16145: Not able to terminate active session |
| Previous Message | Tomas Vondra | 2019-12-03 17:52:11 | Re: BUG #16144: Segmentation fault on dict_int extension |