Re: PG crash on simple query, story continues

>> !if error happend, xfrmlen will be (size_t)-1
>No it won't; see the man page for strxfrm.

RETURN VALUES
Upon successful completion, strxfrm() returns the length of
the transformed string (not including the terminating null
byte). If the value returned is n or more, the contents of
the array pointed to by s1 are indeterminate.

On failure, strxfrm() returns (size_t)-1.

but you a right it is strxfrm() that returns more than allowed,
most likely in following condition:
strxfrm(xfrmstr, val, 0)

a null terminator extra.

I am on SunOS 5.8,
BTW on Linux it works....

-----Original Message-----
From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
Sent: Tuesday, July 08, 2003 11:45 AM
To: Maksim Likharev
Cc: pgsql-general(at)postgresql(dot)org; pgsql-hackers(at)postgresql(dot)org
Subject: Re: [GENERAL] PG crash on simple query, story continues

"Maksim Likharev" <mlikharev(at)aurigin(dot)com> writes:
> ! I would say very interesting aproach,
> ! why not just
> xfrmsize = strxfrm(xfrmstr, NULL, 0);

strxfrm doesn't work that way (and if it did, it would give back a
malloc'd not a palloc'd string).

> !if error happend, xfrmlen will be (size_t)-1

No it won't; see the man page for strxfrm.

This does raise an interesting thought though: what platform are you on?
It seems to me that we've heard of buggy versions of strxfrm that write
more bytes than they're allowed to, thereby clobbering palloc's data
structures.

regards, tom lane