memory destruction in 6.4 - Mailing list pgsql-hackers
| From | Tatsuo Ishii |
|---|---|
| Subject | memory destruction in 6.4 |
| Date | |
| Msg-id | 199812080845.RAA05792@srapc451.sra.co.jp |
| Responses | Re: [HACKERS] memory destruction in 6.4 |
| List | pgsql-hackers |
While investigating a user's complaint, I have found some memory destruction in the 6.4 source using Purify.

(1) parser/gram.y: fmtId() writes n+3 bytes into an n+1 byte-long memory area if mixed-case or non-ASCII identifiers are given.

(2) catalog/index.c: ATTRIBUTE_TUPLE_SIZE bytes are allocated but sizeof(FormData_pg_attribute) bytes are written. Note that ATTRIBUTE_TUPLE_SIZE is smaller than sizeof(FormData_pg_attribute) (for example, on Solaris 2.6, ATTRIBUTE_TUPLE_SIZE is 3 bytes smaller).

Attached patches try to fix the problem. I did not check all of the sources, however, and there may be similar mistakes remaining.

--
Tatsuo Ishii

----------------------------- cut here -----------------------------------
*** postgresql-v6.4/src/backend/parser/gram.y.orig Tue Dec 8 11:26:32 1998 --- postgresql-v6.4/src/backend/parser/gram.y Tue Dec 8 11:27:00 1998 *************** *** 5125,5131 **** if (! (islower(*cp) || isdigit(*cp) || (*cp == '_'))) break; if (*cp != '\0') { ! cp = palloc(strlen(rawid)+1); strcpy(cp,"\""); strcat(cp,rawid); strcat(cp,"\""); --- 5125,5131 ---- if (! (islower(*cp) || isdigit(*cp) || (*cp == '_'))) break; if (*cp != '\0') { ! cp = palloc(strlen(rawid)+3); strcpy(cp,"\""); strcat(cp,rawid); strcat(cp,"\""); *** postgresql-v6.4/src/backend/catalog/index.c.orig Tue Dec 8 11:41:20 1998 --- postgresql-v6.4/src/backend/catalog/index.c Tue Dec 8 14:14:29 1998 *************** *** 649,655 **** value[Anum_pg_attribute_attcacheoff - 1] = Int32GetDatum(-1); init_tuple = heap_addheader(Natts_pg_attribute, ! sizeof *(indexRelation->rd_att->attrs[0]), (char *) (indexRelation->rd_att->attrs[0])); hasind = false; --- 649,655 ---- value[Anum_pg_attribute_attcacheoff - 1] = Int32GetDatum(-1); init_tuple = heap_addheader(Natts_pg_attribute, ! ATTRIBUTE_TUPLE_SIZE, (char *) (indexRelation->rd_att->attrs[0])); hasind = false; *************** *** 689,695 **** */ memmove(GETSTRUCT(cur_tuple), (char *) indexTupDesc->attrs[i], ! sizeof(FormData_pg_attribute)); value[Anum_pg_attribute_attnum - 1] = Int16GetDatum(i + 1); --- 689,695 ---- */ memmove(GETSTRUCT(cur_tuple), (char *) indexTupDesc->attrs[i], ! ATTRIBUTE_TUPLE_SIZE); value[Anum_pg_attribute_attnum - 1] = Int16GetDatum(i + 1);
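Review bot: In the gram.y hunk (5125,5131), palloc(strlen(rawid)+3) is the minimum correct size (two '"' characters plus the terminating NUL), but nothing in the hunk records why the old +1 was two bytes short; a comment at the palloc such as `/* 2 quotes + NUL */` would tie the size to the strcpy and two strcat calls that follow it. Since the buffer length is fixed one line before three separate string writes, a single sprintf(cp, "\"%s\"", rawid) would also make the length and the contents visibly agree and remove the chance of the two drifting apart again.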
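Review bot: In the index.c hunk at 649,655, replacing sizeof *(indexRelation->rd_att->attrs[0]) with ATTRIBUTE_TUPLE_SIZE in the heap_addheader call makes the header length agree with the tuple size used for the attribute rows, but it also shortens the copy by the difference the cover note describes (3 bytes on Solaris 2.6). The review should confirm that those trailing bytes of FormData_pg_attribute are alignment padding only and not part of the final field; assuming they are, a comment at this call stating that ATTRIBUTE_TUPLE_SIZE, not sizeof, is the authoritative length would stop the sizeof form from being reintroduced later.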
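Review bot: In the index.c hunk at 689,695, this memmove is the write the cover note identifies, sizeof(FormData_pg_attribute) bytes into the GETSTRUCT(cur_tuple) area of ATTRIBUTE_TUPLE_SIZE bytes, and the new length removes the overrun. The copy now reads ATTRIBUTE_TUPLE_SIZE bytes from indexTupDesc->attrs[i], which is only safe while ATTRIBUTE_TUPLE_SIZE <= sizeof(FormData_pg_attribute); an Assert of that relation next to the memmove would document the invariant. Since the cover note says not all sources were checked, the remaining places that copy a pg_attribute row with a sizeof length should be grepped for before this is committed.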
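Added example, not from this message or from the PostgreSQL source: a small C program that reproduces the two length mistakes the message reports and shows the bounds-correct form of each. Part (1) is an fmtId-style quoting routine whose allocation is derived from the same expression that the writes use (strlen + two quotes + NUL); part (2) uses a constructed stand-in struct, FakeAttribute, whose hand-computed tuple size (offset of the last field plus its size, the way a catalog tuple size is defined) is smaller than sizeof() because of trailing alignment padding, and a bounds-checked copy that refuses the sizeof-length memmove. The struct layout, field names and the 3-byte padding are assumptions chosen for illustration on a typical 4-byte-aligned ABI, not PostgreSQL's FormData_pg_attribute.

```c
#include <assert.h>
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- (1) fmtId-style quoting -------------------------------------------
 * A quoted identifier is '"' + rawid + '"' + NUL: strlen(rawid) + 3 bytes.
 * The pre-patch palloc(strlen(rawid)+1) left no room for the two quotes,
 * so the strcat() calls wrote two bytes past the allocation. */
size_t quoted_identifier_size(const char *rawid)
{
    return strlen(rawid) + 3;          /* 2 quotes + terminating NUL */
}

/* Returns a malloc'd copy of rawid, quoted when it contains anything but
 * lower-case letters, digits or '_' (the same test the gram.y loop uses).
 * Embedded '"' characters are left alone, as in the 6.4 code. */
char *quote_identifier(const char *rawid)
{
    const char *cp;
    size_t len = strlen(rawid);
    char *out;

    for (cp = rawid; *cp != '\0'; cp++)
        if (!(islower((unsigned char) *cp) || isdigit((unsigned char) *cp)
              || *cp == '_'))
            break;

    if (*cp == '\0') {                 /* nothing to quote: plain copy */
        out = malloc(len + 1);
        if (out != NULL)
            memcpy(out, rawid, len + 1);
        return out;
    }

    out = malloc(quoted_identifier_size(rawid));
    if (out == NULL)
        return NULL;
    out[0] = '"';
    memcpy(out + 1, rawid, len);       /* bytes 1 .. len */
    out[len + 1] = '"';                /* byte len+1: second quote */
    out[len + 2] = '\0';               /* byte len+2: the NUL; +3 total */
    return out;
}

/* 1 when both the plain and the quoted path produce the expected string. */
int quote_identifier_check(void)
{
    char *plain = quote_identifier("mytable");
    char *quoted = quote_identifier("MyTable");
    int ok = plain != NULL && quoted != NULL
             && strcmp(plain, "mytable") == 0
             && strcmp(quoted, "\"MyTable\"") == 0;
    free(plain);
    free(quoted);
    return ok;
}

/* ---- (2) sizeof() versus a hand-computed tuple size --------------------
 * Constructed stand-in for FormData_pg_attribute (assumed layout). The
 * tuple size is the offset of the last field plus its size; sizeof() also
 * counts the alignment padding the compiler appends after attbyval. */
typedef struct {
    int   attrelid;
    char  attname[32];
    int   atttypid;
    short attlen;
    short attnum;
    char  attbyval;                    /* last field; padding follows it */
} FakeAttribute;

#define FAKE_ATTRIBUTE_TUPLE_SIZE \
    (offsetof(FakeAttribute, attbyval) + sizeof(((FakeAttribute *) 0)->attbyval))

/* Bytes by which sizeof() exceeds the tuple size: exactly the amount a
 * sizeof-length memmove overruns a FAKE_ATTRIBUTE_TUPLE_SIZE-byte tuple. */
size_t trailing_padding(void)
{
    return sizeof(FakeAttribute) - FAKE_ATTRIBUTE_TUPLE_SIZE;
}

/* Bounds-checked form of the memmove in index.c: refuses a copy that would
 * overrun the tuple buffer or overread the source struct. 0 on success. */
int copy_attribute_into_tuple(char *tuple, size_t tuple_size,
                              const FakeAttribute *attr, size_t copy_len)
{
    if (copy_len > tuple_size)
        return -1;                     /* would write past the tuple */
    if (copy_len > sizeof *attr)
        return -1;                     /* would read past the struct */
    memmove(tuple, attr, copy_len);
    return 0;
}

/* 1 when the sizeof-length copy is rejected, the tuple-size copy succeeds,
 * and the last real field arrives intact in the tuple. */
int tuple_copy_check(void)
{
    FakeAttribute attr;
    char tuple[FAKE_ATTRIBUTE_TUPLE_SIZE];
    int rejected, accepted;

    memset(&attr, 0, sizeof attr);
    attr.attnum = 1;
    attr.attbyval = 1;
    rejected = copy_attribute_into_tuple(tuple, sizeof tuple, &attr, sizeof attr);
    accepted = copy_attribute_into_tuple(tuple, sizeof tuple, &attr,
                                         FAKE_ATTRIBUTE_TUPLE_SIZE);
    return rejected == -1 && accepted == 0
           && tuple[FAKE_ATTRIBUTE_TUPLE_SIZE - 1] == 1;
}

int main(void)
{
    printf("bytes needed for \"MyTable\": %zu\n", quoted_identifier_size("MyTable"));
    printf("sizeof=%zu tuple size=%zu padding=%zu\n", sizeof(FakeAttribute),
           (size_t) FAKE_ATTRIBUTE_TUPLE_SIZE, trailing_padding());
    printf("quote check %d, tuple copy check %d\n",
           quote_identifier_check(), tuple_copy_check());
    return 0;
}
```

The design point in both halves is the same: the length passed to the allocator and the length passed to the copy must be derived from one expression, never from two that merely happen to agree on one platform. With the stand-in struct the mismatch is 3 bytes on a 4-byte-aligned ABI, which is invisible in testing until an allocator places something immediately after the tuple.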