Skip site navigation (1) Skip section navigation (2)

BUG #1723: array_cat() bug when passed empty array

From: "Dave Chapeskie" <pgsql(at)ddm(dot)wox(dot)org>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #1723: array_cat() bug when passed empty array
Date: 2005-06-20 16:07:37
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-bugs
The following bug has been logged online:

Bug reference:      1723
Logged by:          Dave Chapeskie
Email address:      pgsql(at)ddm(dot)wox(dot)org
PostgreSQL version: 7.4.6
Operating system:   FreeBSD 5.x
Description:        array_cat() bug when passed empty array

I believe this bug still exists in the latest 8.0.x but 
have not tested that version, just looked at the code.

array_cat() has a bug when passed an empty array.  The 
code attempts to optimise/short-circuit this case and 
returns a pointer to the non-empty argument.  This is 
bad/wrong.  Especially when used in a construct like:
  foo := foo || <some_array>
since after array_cat() returns exec_assign_value() 
will pfree() 'foo' and then attempt to assign the now 
invalid result that points to 'foo'.

Turning on assertion checks (which turns on memory 
checks) catches this.  Here is a simple example:

create or replace function array_test (text[],text[])
returns text[] as '
	    tmp text[];
	    tmp := $1;
	    tmp := tmp || $2;
	    return tmp;
	language plpgsql
select array_test(array['foo','bar'],'{x}');
select array_test(array['foo','bar'],'{}');

The first call to array_test() returns
as expected.  With debuging on the second call returns:
ERROR:  out of memory
DETAIL:  Failed on request of size 1065320319.
CONTEXT:  PL/pgSQL function "array_test" while casting return value to
function's return type
Note 1065320319 = 0x3F7F7F7F and with debugging pfree'd  
memory is filled with 0x74 bytes.  The top 0x4000000 
got cleared because the top bits of the length field 
are flag bits.  I've also seen the error say 
"Failed on request of size 2139062147.".


pgsql-bugs by date

Next:From: Bruce MomjianDate: 2005-06-20 18:52:18
Subject: Re: BUG #1721: mutiple bytes character string comaprison error
Previous:From: Richard HuxtonDate: 2005-06-20 12:36:02
Subject: Re: BUG #1722: table with a serial field don't works

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group