Quick Links

memory destruction in 6.4

From:	Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp>
To:	hackers(at)postgreSQL(dot)org
Cc:	t-ishii(at)sra(dot)co(dot)jp
Subject:	memory destruction in 6.4
Date:	1998-12-08 08:45:34
Message-ID:	199812080845.RAA05792@srapc451.sra.co.jp
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

While investigating a user's complaint, I have found some memory
destructions in 6.4 source using purify.

(1) parser/gram.y:fmtId()

It writes n+3 bytes into n+1 byte-long memory area if mixed case or
non-ascii identifiers given.

(2) catalog/index.c:

ATTRIBUTE_TUPLE_SIZE bytes are allocated but
sizeof(FormData_pg_attribute) bytes are written. Note that
ATTRIBUTE_TUPLE_SIZE is smaller than
sizeof(FormData_pg_attribute). (for example, on solaris 2.6,
ATTRIBUTE_TUPLE_SIZE is 3 bytes smaller).

Attached patches try to fix the problem. I do not check all of sources
and there may be similar mistakes remained, however.
--
Tatsuo Ishii
----------------------------- cut here -----------------------------------
*** postgresql-v6.4/src/backend/parser/gram.y.orig Tue Dec 8 11:26:32 1998
--- postgresql-v6.4/src/backend/parser/gram.y Tue Dec 8 11:27:00 1998
***************
*** 5125,5131 ****
if (! (islower(*cp) || isdigit(*cp) || (*cp == '_'))) break;

if (*cp != '\0') {
! cp = palloc(strlen(rawid)+1);
strcpy(cp,"\"");
strcat(cp,rawid);
strcat(cp,"\"");
--- 5125,5131 ----
if (! (islower(*cp) || isdigit(*cp) || (*cp == '_'))) break;

if (*cp != '\0') {
! cp = palloc(strlen(rawid)+3);
strcpy(cp,"\"");
strcat(cp,rawid);
strcat(cp,"\"");
*** postgresql-v6.4/src/backend/catalog/index.c.orig Tue Dec 8 11:41:20 1998
--- postgresql-v6.4/src/backend/catalog/index.c Tue Dec 8 14:14:29 1998
***************
*** 649,655 ****
value[Anum_pg_attribute_attcacheoff - 1] = Int32GetDatum(-1);

init_tuple = heap_addheader(Natts_pg_attribute,
! sizeof *(indexRelation->rd_att->attrs[0]),
(char *) (indexRelation->rd_att->attrs[0]));

hasind = false;
--- 649,655 ----
value[Anum_pg_attribute_attcacheoff - 1] = Int32GetDatum(-1);

init_tuple = heap_addheader(Natts_pg_attribute,
! ATTRIBUTE_TUPLE_SIZE,
(char *) (indexRelation->rd_att->attrs[0]));

hasind = false;
***************
*** 689,695 ****
*/
memmove(GETSTRUCT(cur_tuple),
(char *) indexTupDesc->attrs[i],
! sizeof(FormData_pg_attribute));

value[Anum_pg_attribute_attnum - 1] = Int16GetDatum(i + 1);

--- 689,695 ----
*/
memmove(GETSTRUCT(cur_tuple),
(char *) indexTupDesc->attrs[i],
! ATTRIBUTE_TUPLE_SIZE);

value[Anum_pg_attribute_attnum - 1] = Int16GetDatum(i + 1);

Responses

Re: [HACKERS] memory destruction in 6.4 at 1998-12-08 09:32:52 from Constantin Teodorescu
Re: [HACKERS] memory destruction in 6.4 at 1998-12-13 04:37:38 from Bruce Momjian

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Peter T Mount	1998-12-08 08:58:31	Problems
Previous Message	Constantin Teodorescu	1998-12-08 07:38:11	Re: libpgtcl.dll for Windows