| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, ipluta(at)wp(dot)pl |
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #16176: NULL value returned by category_sql argument to crosstab() causes segmentation fault |
| Date: | 2019-12-21 14:14:41 |
| Message-ID: | 8d8ef71e-a347-67be-696a-3bdd259ec9fb@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On 12/20/19 1:00 PM, Tom Lane wrote:
> PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
>> -- this will crash pg12, but not version() < 12 - note NULL value in
>> categories query:
>> select * from crosstab ('values (1, 2, 12), (1, 3, 13), (2, 2, 22), (2,
>> 3, 23), (3, 2, 32), (3, 3, 33) order by 1, 2, 3', 'values (2), (null)') as
>> rr (a int, "2" int, "3" int);
>
> Yeah, duplicated here. It seems tablefunc is passing a NULL string
> pointer to sprintf(). Previously, that would work on some platforms
> and crash on others --- as of v12, it crashes everywhere.
>
> What we need here is to figure out what the hashtab string key ought
> to be for a NULL category. I suspect what was happening before
> (on non-crashing platforms) was that you implicitly got "(nil)"
> or some spelling like that, which is not great because it could
> conflict with a valid user key. Alternatively, we could refuse
> NULL category values ... not sure if that's desirable.
>
> Anyway, this is *not* a new bug, it's just possible to hit it on
> more platforms now.
It appears that in pg11 (and presumably prior) when snprintf() is called
it is resolved (here at least )to __GI___snprintf() which comes directly
from libc. On my desktop machine the system snprintf() deals with a null
pointer argument without crashing. I guess this is why the crash was
platform dependent.
In pg12 (and presumably master), it is resolved to our own port function
pg_snprintf(), which in turn works its way to dopr(), where strlen() is
called on a null pointer and "<boom>". Undoubtedly strlen() is a bit
more consistent than snprintf() across platforms in this regard.
From what I can see, even on pg11 and prior, having a null category
never did anything useful. And in the 16 years or so since this has been
around, no one in my memory ever asked for that functionality, so I am
inclined to refuse NULL category values unless someone wants to make a
good case otherwise.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-12-21 15:02:05 | Re: BUG #16104: Invalid DSA Memory Alloc Request in Parallel Hash |
| Previous Message | Tomas Vondra | 2019-12-21 11:40:03 | Re: Indexing on JSONB field not working |