| From: | Ronan Dunklau <ronan(dot)dunklau(at)dalibo(dot)com> |
|---|---|
| To: | pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Server may segfault when using slices on int2vector |
| Date: | 2013-11-19 14:24:44 |
| Message-ID: | 2450353.1U6Qoyzd8o@ronan_laptop |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hello.
While building a query on the pg_index relation, I came accross a bug which
simplest form is manifested as this:
select
a.indkey[1:3],
a.indkey[1:2]
from pg_index as a
This can result either in a segfault, a failed memory allocation or gibberish
results.
For example, this is a backtrace I could produce while running the above
query.
It turns out that the int2vector->dim1 member has a dummy value.
#0 int2vectorout (fcinfo=<optimized out>) at int.c:192
#1 0x000000000071b445 in FunctionCall1Coll (flinfo=flinfo(at)entry=0x1ec1360,
collation=collation(at)entry=0, arg1=arg1(at)entry=32251408) at fmgr.c:1297
#2 0x000000000071c58e in OutputFunctionCall (flinfo=0x1ec1360, val=32251408)
at fmgr.c:1950
#3 0x000000000046977d in printtup (slot=0x1ec0300, self=0x1e34c28) at
printtup.c:359
#4 0x000000000057eae2 in ExecutePlan (dest=0x1e34c28, direction=<optimized
out>, numberTuples=0, sendTuples=1 '\001', operation=CMD_SELECT,
planstate=0x1ebff10, estate=0x1ebfe00) at execMain.c:1499
#5 standard_ExecutorRun (queryDesc=0x1e96320, direction=<optimized out>,
count=0) at execMain.c:308
#6 0x0000000000652fc8 in PortalRunSelect (portal=portal(at)entry=0x1ee2680,
forward=forward(at)entry=1 '\001', count=0, count(at)entry=9223372036854775807,
dest=dest(at)entry=0x1e34c28) at pquery.c:946
#7 0x000000000065432f in PortalRun (portal=portal(at)entry=0x1ee2680,
count=count(at)entry=9223372036854775807, isTopLevel=isTopLevel(at)entry=1 '\001',
dest=dest(at)entry=0x1e34c28, altdest=altdest(at)entry=0x1e34c28,
completionTag=completionTag(at)entry=0x7fff90242090 "") at pquery.c:790
#8 0x00000000006520e5 in exec_simple_query (query_string=0x1e7cfa0 "select \n
a.indkey[1:3],\n a.indkey[1:2]\nfrom pg_index as a;") at postgres.c:1048
#9 PostgresMain (argc=<optimized out>, argv=argv(at)entry=0x1e1b8e8,
dbname=0x1e1b798 "postgres", username=<optimized out>) at postgres.c:3992
#10 0x000000000046607d in BackendRun (port=0x1e39b30) at postmaster.c:4085
#11 BackendStartup (port=0x1e39b30) at postmaster.c:3774
#12 ServerLoop () at postmaster.c:1585
#13 0x00000000006123b1 in PostmasterMain (argc=argc(at)entry=3,
argv=argv(at)entry=0x1e19550) at postmaster.c:1240
#14 0x00000000004669f5 in main (argc=3, argv=0x1e19550) at main.c:196
--
Ronan Dunklau
http://dalibo.com - http://dalibo.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | j.rejda | 2013-11-19 15:35:52 | BUG #8606: Materialized View WITH NO DATA bug |
| Previous Message | Pavel Stehule | 2013-11-19 12:08:39 | Re: Re: [BUGS] BUG #7873: pg_restore --clean tries to drop tables that don't exist |