Re: BUG #14180: Segmentation fault on replication slave

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bo Ørsted Andresen <boa(at)neogrid(dot)dk>
Cc: Andres Freund <andres(at)anarazel(dot)de>, "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #14180: Segmentation fault on replication slave
Date: 2016-06-07 18:07:32
Message-ID: 20105.1465322852@sss.pgh.pa.us
Lists: pgsql-bugs

Bo Ørsted Andresen <boa(at)neogrid(dot)dk> writes:
> On 2016-06-07 19:41, Andres Freund wrote:
>> Any chance the running version of postgres is out of date with the installed
>> binaries / debug symbols?

> You mean that I upgraded without restarting postgres before the segfault?

I think the reason for the lack of useful backtrace info is that we've
smashed the stack. Note that the original report shows i == 3324 which is
much larger than the available length of the local items[] array (408).
So presumably, the passed-in "len" was bogus (much too large).

If you're prepared to build a custom version of Postgres, you could
try adding this to _bt_restore_page():

/* Need to copy tuple header due to alignment considerations */
memcpy(&itupdata, from, sizeof(IndexTupleData));
itemsz = IndexTupleDSize(itupdata);
itemsz = MAXALIGN(itemsz);

+ if (i >= lengthof(items))
+ elog(PANIC, "too many items on btree page");
+
items[i] = (Item) from;
itemsizes[i] = itemsz;
i++;

from += itemsz;
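Review bot: the new `i >= lengthof(items)` check stops the store into the local arrays, but the `memcpy(&itupdata, from, sizeof(IndexTupleData))` just above it still reads through `from`, which has been advanced by the same untrusted sizes; since the message attributes the overrun to a bogus `len`, consider also checking that `from + itemsz` stays within the `len` bytes passed in, otherwise the walk can read past the end of the record before the PANIC fires.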

and then you should get a core dump before the stack is clobbered.

I wonder whether we shouldn't add such a check to the regular sources...

regards, tom lane
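The bounded version of the restore loop, written out as an added example (not PostgreSQL's code and not from this thread): it keeps the item-count check from the patch above and additionally bounds the walk over `from` against the declared `len`, using a constructed item format (a 2-byte host-endian size header followed by payload) and a 4-entry array standing in for the local `items[]`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the _bt_restore_page() loop: each item is a
 * 2-byte host-endian size header plus payload, and restored pointers go
 * into a small fixed array like the local items[] in the real function. */
#define MAX_ITEMS 4
#define ALIGN8(x) (((x) + 7) & ~(size_t)7)

typedef struct {
    const unsigned char *items[MAX_ITEMS];
    size_t itemsizes[MAX_ITEMS];
    int nitems;
} RestoredPage;

/* Returns 0 on success, -1 if the input is malformed. The item counter is
 * bounded (the patch's check) and the walk is bounded against len, so a
 * bogus len or item size cannot overrun the arrays or read past the buffer. */
int restore_page_checked(const unsigned char *from, size_t len, RestoredPage *out)
{
    const unsigned char *end = from + len;
    out->nitems = 0;
    while (from < end) {
        uint16_t hdr;
        size_t itemsz;
        if ((size_t)(end - from) < sizeof hdr)
            return -1;                  /* truncated item header */
        memcpy(&hdr, from, sizeof hdr); /* copy header: alignment */
        itemsz = ALIGN8((size_t)hdr);
        if (itemsz < sizeof hdr || itemsz > (size_t)(end - from))
            return -1;                  /* item runs past declared len */
        if (out->nitems >= MAX_ITEMS)
            return -1;                  /* would write past items[] */
        out->items[out->nitems] = from;
        out->itemsizes[out->nitems] = itemsz;
        out->nitems++;
        from += itemsz;
    }
    return 0;
}

/* Builds n 8-byte items into a constructed 64-byte buffer and restores
 * `len` bytes of it; returns the restore result (0 ok, -1 rejected). */
int restore_constructed(int n, size_t len)
{
    unsigned char buf[64] = {0};
    uint16_t size = 8;
    RestoredPage page;
    for (int k = 0; k < n && k < 8; k++)
        memcpy(buf + 8 * k, &size, sizeof size);
    return restore_page_checked(buf, len, &page);
}
```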
