| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | jsonb iterator not fully initialized |
| Date: | 2018-05-26 00:02:09 |
| Message-ID: | a05dc277-a68a-76d9-a78d-56ff6e52cfea@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I got this error message via -fsanitized=undefined:
jsonfuncs.c:5169:12: runtime error: load of value 127, which is not a
valid value for type '_Bool'
The query was
select ts_headline('{}'::jsonb, tsquery('aaa & bbb'));
This calls the C function ts_headline_jsonb_byid_opt(), which calls
transform_jsonb_string_values(), which calls
it = JsonbIteratorInit(&jsonb->root);
is_scalar = it->isScalar;
but it->isScalar is not always initialized by JsonbIteratorInit(). (So
the 127 is quite likely clobbered memory.)
It can be fixed this way:
--- a/src/backend/utils/adt/jsonb_util.c
+++ b/src/backend/utils/adt/jsonb_util.c
@@ -901,7 +901,7 @@ iteratorFromContainer(JsonbContainer *container,
JsonbIterator *parent)
{
JsonbIterator *it;
- it = palloc(sizeof(JsonbIterator));
+ it = palloc0(sizeof(JsonbIterator));
it->container = container;
it->parent = parent;
it->nElems = JsonContainerSize(container);
It's probably not a problem in practice, since the isScalar business is
apparently only used in the array case, but it's dubious to leave things
uninitialized like this nonetheless.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2018-05-26 00:02:24 | Re: Timetz comparison |
| Previous Message | Michael Paquier | 2018-05-25 23:32:20 | Re: SCRAM with channel binding downgrade attack |