Re: [HACKERS] memory destruction in 6.4

From: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
To: t-ishii(at)sra(dot)co(dot)jp (Tatsuo Ishii)
Cc: hackers(at)postgreSQL(dot)org, t-ishii(at)sra(dot)co(dot)jp
Subject: Re: [HACKERS] memory destruction in 6.4
Date: 1998-12-13 04:37:38
Message-ID: 199812130437.XAA14252@candle.pha.pa.us
Lists: pgsql-hackers

Applied to both trees.

> While investigating a user's complaint, I have found some memory
> destructions in the 6.4 source using Purify.
>
> (1) parser/gram.y:fmtId()
>
> It writes n+3 bytes into an n+1 byte-long memory area if mixed-case or
> non-ASCII identifiers are given.
>
> (2) catalog/index.c:
>
> ATTRIBUTE_TUPLE_SIZE bytes are allocated but
> sizeof(FormData_pg_attribute) bytes are written. Note that
> ATTRIBUTE_TUPLE_SIZE is smaller than
> sizeof(FormData_pg_attribute). (For example, on Solaris 2.6,
> ATTRIBUTE_TUPLE_SIZE is 3 bytes smaller.)
>
> The attached patches try to fix the problem. I have not checked all of the sources,
> and there may be similar mistakes remaining, however.
> --
> Tatsuo Ishii
> ----------------------------- cut here -----------------------------------
> *** postgresql-v6.4/src/backend/parser/gram.y.orig Tue Dec 8 11:26:32 1998
> --- postgresql-v6.4/src/backend/parser/gram.y Tue Dec 8 11:27:00 1998
> ***************
> *** 5125,5131 ****
> if (! (islower(*cp) || isdigit(*cp) || (*cp == '_'))) break;
>
> if (*cp != '\0') {
> ! cp = palloc(strlen(rawid)+1);
> strcpy(cp,"\"");
> strcat(cp,rawid);
> strcat(cp,"\"");
> --- 5125,5131 ----
> if (! (islower(*cp) || isdigit(*cp) || (*cp == '_'))) break;
>
> if (*cp != '\0') {
> ! cp = palloc(strlen(rawid)+3);
> strcpy(cp,"\"");
> strcat(cp,rawid);
> strcat(cp,"\"");
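Review bot: the new size `palloc(strlen(rawid)+3)` is right (identifier, two quote characters, NUL), but the bare constant hides the accounting; write it as `cp = palloc(strlen(rawid) + 2 + 1); /* quotes + NUL */`, or build the result with a single `sprintf(cp, "\"%s\"", rawid)` so the length and the writes are visibly tied together. Separately, the unchanged test `islower(*cp) || isdigit(*cp)` passes a plain `char` to the ctype functions; for the non-ASCII identifiers this patch is meant to cover, a negative `char` value is undefined behaviour there, so cast to `unsigned char` before the call.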
> *** postgresql-v6.4/src/backend/catalog/index.c.orig Tue Dec 8 11:41:20 1998
> --- postgresql-v6.4/src/backend/catalog/index.c Tue Dec 8 14:14:29 1998
> ***************
> *** 649,655 ****
> value[Anum_pg_attribute_attcacheoff - 1] = Int32GetDatum(-1);
>
> init_tuple = heap_addheader(Natts_pg_attribute,
> ! sizeof *(indexRelation->rd_att->attrs[0]),
> (char *) (indexRelation->rd_att->attrs[0]));
>
> hasind = false;
> --- 649,655 ----
> value[Anum_pg_attribute_attcacheoff - 1] = Int32GetDatum(-1);
>
> init_tuple = heap_addheader(Natts_pg_attribute,
> ! ATTRIBUTE_TUPLE_SIZE,
> (char *) (indexRelation->rd_att->attrs[0]));
>
> hasind = false;
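Review bot: swapping `sizeof *(indexRelation->rd_att->attrs[0])` for `ATTRIBUTE_TUPLE_SIZE` in `heap_addheader` only makes sense together with the `memmove` change in the following hunk, and nothing at this call site says so; add a comment here explaining that `sizeof(FormData_pg_attribute)` includes trailing struct padding that is not part of the stored tuple, and that every site that builds a pg_attribute tuple must size it with the same constant. The source is still `attrs[0]`, a complete `FormData_pg_attribute`, so reading `ATTRIBUTE_TUPLE_SIZE` bytes from it stays in bounds.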
> ***************
> *** 689,695 ****
> */
> memmove(GETSTRUCT(cur_tuple),
> (char *) indexTupDesc->attrs[i],
> ! sizeof(FormData_pg_attribute));
>
> value[Anum_pg_attribute_attnum - 1] = Int16GetDatum(i + 1);
>
> --- 689,695 ----
> */
> memmove(GETSTRUCT(cur_tuple),
> (char *) indexTupDesc->attrs[i],
> ! ATTRIBUTE_TUPLE_SIZE);
>
> value[Anum_pg_attribute_attnum - 1] = Int16GetDatum(i + 1);
>
>
>
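Review bot: this `memmove` is where the overflow actually happens: the destination tuple is allocated at `ATTRIBUTE_TUPLE_SIZE` bytes and the old length `sizeof(FormData_pg_attribute)` is larger, so the copy ran past the end of the palloc'd block. The new length matches the allocation, but the hunk silently depends on `GETSTRUCT(cur_tuple)` having been sized with the same constant elsewhere; an `Assert` on the tuple's data length beside the copy, or a comment naming the allocating site, would keep the two from drifting apart. The author already notes that similar copies may remain; searching the tree for `sizeof(FormData_pg_attribute)` used as a copy or allocation length is the cheap way to find them.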

--
Bruce Momjian | http://www.op.net/~candle
maillist(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
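An added, stand-alone C sketch of the quoting routine the first patch fixes; it is not PostgreSQL's fmtId and not from this thread. It sizes the buffer from what is actually written (identifier, two quotes, NUL), checks snprintf's return value so a sizing mistake fails instead of overrunning the heap, and passes unsigned char to the ctype functions so non-ASCII bytes are safe. The names needs_quoting, required_bytes and fmt_id are my own.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True if rawid needs double quotes: anything other than lowercase
 * ASCII letters, digits and '_' forces quoting.  The unsigned char
 * cast matters: a negative plain char (a non-ASCII byte) passed to
 * islower()/isdigit() is undefined behaviour. */
int needs_quoting(const char *rawid)
{
    for (const unsigned char *p = (const unsigned char *) rawid; *p; p++)
        if (!(islower(*p) || isdigit(*p) || *p == '_'))
            return 1;
    return 0;
}

/* Bytes a quoted copy occupies: the identifier, two quote characters
 * and the terminating NUL.  The 6.4 code allocated strlen(rawid) + 1,
 * two bytes short of this. */
size_t required_bytes(const char *rawid)
{
    return strlen(rawid) + 3;
}

/* Return a freshly allocated copy of rawid, double-quoted when needed.
 * The caller frees the result.  snprintf's return value is checked so
 * a sizing error is reported (NULL) rather than silently truncated. */
char *fmt_id(const char *rawid)
{
    int quote = needs_quoting(rawid);
    size_t need = quote ? required_bytes(rawid) : strlen(rawid) + 1;
    char *out = malloc(need);
    if (out == NULL)
        return NULL;
    int n = quote ? snprintf(out, need, "\"%s\"", rawid)
                  : snprintf(out, need, "%s", rawid);
    if (n < 0 || (size_t) n >= need) {   /* would not have fit */
        free(out);
        return NULL;
    }
    return out;
}
```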
