Re: BUG #17830: Incorrect memory access in trgm_regexp - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #17830: Incorrect memory access in trgm_regexp
Date
Msg-id 1190342.1678552770@sss.pgh.pa.us
Whole thread Raw
In response to BUG #17830: Incorrect memory access in trgm_regexp  (PG Bug reporting form <noreply@postgresql.org>)
Responses Re: BUG #17830: Incorrect memory access in trgm_regexp
List pgsql-bugs
PG Bug reporting form <noreply@postgresql.org> writes:
> When the following script executed:
> CREATE EXTENSION pg_trgm;
> CREATE TABLE t(t text);
> CREATE INDEX t_idx_gin ON t USING gin (t gin_trgm_ops);
> SELECT * FROM t WHERE t ~ '.*$x';
> valgrind detects an invalid memory read:
> ...
> The invalid access occurs in the line:
>         while (j < arcsCount && arcs[j].sourceState == i)
> here arcsCount == 1 even when arcs contains no elements, due to the
> assignment above:
>     arcsCount = (p2 - arcs) + 1;

Yeah, that de-duplication code is incorrectly assuming that the
NFA has more than zero arcs, which it doesn't because the regex
compiler saw that the pattern is unsatisfiable.

Thanks for the report!

            regards, tom lane



pgsql-bugs by date:

Previous
From: Tom Lane
Date:
Subject: Re: BUG #17831: server crash
Next
From: Tom Lane
Date:
Subject: Re: BUG #17826: An assert failed in /src/backend/optimizer/util/var.c