Nick Wellnhofer <wellnhofer@aevum.de> writes:
> I found out that the process was looping in enlargeStringInfo() in
> backend/lib/stringinfo.c.
This problem was reported by someone else recently. I've just applied
the attached patch.
> The real cause of the problem seems to be a frontend/backend
> communication problem. The "needed" argument 0x5454502b comes from a
> 4-byte length field which string content is 'TTP/'. Looks like a part of
> a HTTP request to me.
Yeah, it kinda sounds like someone is trying to send an HTTP request to
the Postgres port :-(
regards, tom lane
*** src/backend/lib/stringinfo.c.orig Sat Nov 29 17:39:42 2003
--- src/backend/lib/stringinfo.c Tue May 11 16:00:20 2004
***************
*** 16,21 ****
--- 16,22 ----
#include "postgres.h"
#include "lib/stringinfo.h"
+ #include "utils/memutils.h"
/*
***************
*** 220,226 ****
--- 221,240 ----
{
int newlen;
+ /*
+ * Guard against ridiculous "needed" values, which can occur if we're
+ * fed bogus data. Without this, we can get an overflow or infinite
+ * loop in the following.
+ */
+ if (needed < 0 ||
+ ((Size) needed) >= (MaxAllocSize - (Size) str->len))
+ elog(ERROR, "invalid string enlargement request size %d",
+ needed);
+
needed += str->len + 1; /* total space required now */
+
+ /* Because of the above test, we now have needed <= MaxAllocSize */
+
if (needed <= str->maxlen)
return; /* got enough space already */
***************
*** 233,238 ****
--- 247,260 ----
newlen = 2 * str->maxlen;
while (needed > newlen)
newlen = 2 * newlen;
+
+ /*
+ * Clamp to MaxAllocSize in case we went past it. Note we are assuming
+ * here that MaxAllocSize <= INT_MAX/2, else the above loop could
+ * overflow. We will still have newlen >= needed.
+ */
+ if (newlen > (int) MaxAllocSize)
+ newlen = (int) MaxAllocSize;
str->data = (char *) repalloc(str->data, newlen);
