From: | Tatsuo Ishii <t-ishii(at)sra(dot)co(dot)jp> |
---|---|
To: | hackers(at)postgreSQL(dot)org |
Cc: | t-ishii(at)sra(dot)co(dot)jp |
Subject: | memory destruction in 6.4 |
Date: | 1998-12-08 08:45:34 |
Message-ID: | 199812080845.RAA05792@srapc451.sra.co.jp |
Lists: | pgsql-hackers |
While investigating a user's complaint, I have found some memory
destruction in the 6.4 source using Purify.
(1) parser/gram.y:fmtId()
It writes n+3 bytes into an n+1-byte memory area if mixed-case or
non-ASCII identifiers are given.
(2) catalog/index.c:
ATTRIBUTE_TUPLE_SIZE bytes are allocated but
sizeof(FormData_pg_attribute) bytes are written. Note that
ATTRIBUTE_TUPLE_SIZE is smaller than
sizeof(FormData_pg_attribute) (for example, on Solaris 2.6,
ATTRIBUTE_TUPLE_SIZE is 3 bytes smaller).
The attached patches try to fix the problem. I did not check all of the
sources, however, and there may be similar mistakes remaining.
--
Tatsuo Ishii
----------------------------- cut here -----------------------------------
*** postgresql-v6.4/src/backend/parser/gram.y.orig Tue Dec 8 11:26:32 1998
--- postgresql-v6.4/src/backend/parser/gram.y Tue Dec 8 11:27:00 1998
***************
*** 5125,5131 ****
if (! (islower(*cp) || isdigit(*cp) || (*cp == '_'))) break;
if (*cp != '\0') {
! cp = palloc(strlen(rawid)+1);
strcpy(cp,"\"");
strcat(cp,rawid);
strcat(cp,"\"");
--- 5125,5131 ----
if (! (islower(*cp) || isdigit(*cp) || (*cp == '_'))) break;
if (*cp != '\0') {
! cp = palloc(strlen(rawid)+3);
strcpy(cp,"\"");
strcat(cp,rawid);
strcat(cp,"\"");
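Review bot: the new `palloc(strlen(rawid)+3)` is the right size for `"` + rawid + `"` + NUL, but the bare `+3` on that line deserves a one-line comment saying so (two quote characters plus the terminator); otherwise the next reader who compares it with a `strlen(x)+1` elsewhere may "correct" it back to the overflowing size. Also note that `cp` changes role at this point, from the scan pointer in the loop just above to the freshly allocated result; a separate variable for the result would make the three `strcpy`/`strcat` calls easier to audit against the allocation.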
*** postgresql-v6.4/src/backend/catalog/index.c.orig Tue Dec 8 11:41:20 1998
--- postgresql-v6.4/src/backend/catalog/index.c Tue Dec 8 14:14:29 1998
***************
*** 649,655 ****
value[Anum_pg_attribute_attcacheoff - 1] = Int32GetDatum(-1);
init_tuple = heap_addheader(Natts_pg_attribute,
! sizeof *(indexRelation->rd_att->attrs[0]),
(char *) (indexRelation->rd_att->attrs[0]));
hasind = false;
--- 649,655 ----
value[Anum_pg_attribute_attcacheoff - 1] = Int32GetDatum(-1);
init_tuple = heap_addheader(Natts_pg_attribute,
! ATTRIBUTE_TUPLE_SIZE,
(char *) (indexRelation->rd_att->attrs[0]));
hasind = false;
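Review bot: changing the third argument of heap_addheader from `sizeof *(indexRelation->rd_att->attrs[0])` to ATTRIBUTE_TUPLE_SIZE copies fewer bytes than the struct holds, which is only correct if every byte past ATTRIBUTE_TUPLE_SIZE is trailing padding rather than a real field; please confirm that against the definition of ATTRIBUTE_TUPLE_SIZE and state it in a comment at the call, since the mail quotes a 3-byte gap on Solaris 2.6 without saying what occupies it.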
***************
*** 689,695 ****
*/
memmove(GETSTRUCT(cur_tuple),
(char *) indexTupDesc->attrs[i],
! sizeof(FormData_pg_attribute));
value[Anum_pg_attribute_attnum - 1] = Int16GetDatum(i + 1);
--- 689,695 ----
*/
memmove(GETSTRUCT(cur_tuple),
(char *) indexTupDesc->attrs[i],
! ATTRIBUTE_TUPLE_SIZE);
value[Anum_pg_attribute_attnum - 1] = Int16GetDatum(i + 1);
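Review bot: this memmove now copies ATTRIBUTE_TUPLE_SIZE bytes from `indexTupDesc->attrs[i]`, matching the previous hunk, so the same assumption (bytes beyond ATTRIBUTE_TUPLE_SIZE are padding only) applies here and should be stated once rather than left implicit at two call sites. The mail itself says not all of the sources were checked; a grep for the remaining `sizeof(FormData_pg_attribute)` copies into catalog tuples would be the natural follow-up before this is committed.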
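Both defects in the mail come from computing a buffer size with the wrong expression. The following is an added illustration (my own code, not from the patch or from PostgreSQL): `fmt_id_alloc`/`fmt_id` redo the quoting from hunk (1) with the corrected size, and `FormData_toy`/`TOY_TUPLE_SIZE` are constructed stand-ins for FormData_pg_attribute and ATTRIBUTE_TUPLE_SIZE that show why an offsetof-based tuple size is smaller than sizeof(struct), as in (2). The padding figures in the comments assume a 4-byte int ABI.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* (1) gram.y fmtId: anything but lower-case letters, digits and '_' forces double
 * quotes, i.e. two extra bytes plus the NUL, so strlen(rawid)+1 is two bytes short. */
size_t fmt_id_alloc(const char *rawid)
{
    const char *cp;
    for (cp = rawid; *cp != '\0'; cp++)
        if (!(islower((unsigned char) *cp) || isdigit((unsigned char) *cp) || *cp == '_'))
            return strlen(rawid) + 3;   /* quotes needed */
    return strlen(rawid) + 1;           /* bare identifier, NUL only */
}
/* Quote into a buffer of exactly fmt_id_alloc() bytes; caller frees. */
char *fmt_id(const char *rawid)
{
    size_t n = strlen(rawid), need = fmt_id_alloc(rawid);
    char *cp = malloc(need);
    if (cp == NULL)
        return NULL;
    if (need == n + 1) {
        memcpy(cp, rawid, n + 1);
    } else {
        cp[0] = '"';
        memcpy(cp + 1, rawid, n);
        cp[n + 1] = '"';
        cp[n + 2] = '\0';
    }
    return cp;
}

/* (2) index.c: a constructed row in the spirit of FormData_pg_attribute. The tuple
 * size stops at the end of the last real field, so trailing padding makes it < sizeof. */
typedef struct {
    int  attrelid;
    int  atttypid;
    char attbyval;   /* ends at offset 9 with 4-byte ints; sizeof pads to 12 */
} FormData_toy;
#define TOY_TUPLE_SIZE (offsetof(FormData_toy, attbyval) + sizeof(char))
size_t toy_trailing_padding(void) { return sizeof(FormData_toy) - TOY_TUPLE_SIZE; }
/* Copy a row the way the fixed hunks do: TOY_TUPLE_SIZE bytes, never sizeof(struct),
 * and only after checking that the destination was allocated at least that large. */
int store_toy(char *dst, size_t dstlen, const FormData_toy *src)
{
    if (dstlen < TOY_TUPLE_SIZE)
        return -1;
    memmove(dst, src, TOY_TUPLE_SIZE);
    return 0;
}
```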