Skip site navigation (1) Skip section navigation (2)

cash_out bug

From: Alvaro Herrera <alvherre(at)atentus(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: cash_out bug
Date: 2002-08-12 04:33:27
Message-ID: Pine.LNX.4.44.0208112356210.29879-100000@cm-lcon1-46-187.cm.vtr.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Hello:

I was investigating the bug about "select cash_out(2)" crashing the
backend.  I thought fixing was a simple matter of checking whether some
argument to the function was NULL or not.

I added a NULL checking, but it obviously is not triggered, because the
data received is not NULL, but a non-pointer integer that cannot be
dereferenced (doing so cause a segmentation fault).

It turns out to be a far more serious bug than that, and is not limited
to cash_out.  All these functions have the same problem:

select proname from pg_proc where proargtypes=(select proargtypes from
pg_proc where proname='cash_in') and pronargs=1 and proisstrict='t'
order by proname;

With a few exceptions (the test(*) is long, as it requires one to wait for
the database to start after testing each function, but there are 16 out
of 107 functions(**) that cause backend crash).

The problem is related to PG_GETARG_POINTER in some way or another; the
dereferencing of a non-pointer integer makes the backend crash.

I, however, do not know how to fix this.  I'm just pointing out this
problem so someone more knowledgeable than me with this pointer mess can
figure a way out.

(*) The test is
SELECT="select proname from pg_proc where proargtypes=''
and pronargs=1 and proisstrict='t' order by proname;"

for i in `psql regression -c "$SELECT"`; do
	echo $i >> func_test
	psql regression -c "select $i(1);" >> func_test 2>&1
	sleep 9
done

(**) Those are:
boolout
charout
cidout
date_out
int2out
int4out
nabstimeout
oidout
regclassout
regoperatorout
regoperout
regprocedureout
regprocout
regtypeout
reltimeout
smgrout
xidout

-- 
Alvaro Herrera (<alvherre[a]atentus.com>)
"The Gord often wonders why people threaten never to come back after they've
been told never to return" (www.actsofgord.com)



Responses

pgsql-hackers by date

Next:From: Alvaro HerreraDate: 2002-08-12 04:38:16
Subject: Re: cash_out bug
Previous:From: Christopher Kings-LynneDate: 2002-08-12 04:16:55
Subject: Re: Interesting message about printf()'s in PostgreSQL

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group