segmentation fault when cassert enabled - Mailing list pgsql-hackers

From Jehan-Guillaume de Rorthais
Subject segmentation fault when cassert enabled
Msg-id 20191025175929.7e90dbf5@firost
Responses Re: segmentation fault when cassert enabled
List pgsql-hackers
Hi list,

While investigating the bug reported in the thread "logical replication -
negative bitmapset member not allowed", I found a way to segfault PostgreSQL
only when cassert is enabled.

See the scenario in the attachment.

When executed against binaries compiled with --enable-cassert, I have the
following error in logs:

  LOG:  00000: background worker "logical replication worker" (PID 761) was
  terminated by signal 11: Segmentation fault

Here is the stack trace:

#0  in slot_store_cstrings (slot=0x55a3c6973b48, rel=0x55a3c6989468,
    values=0x7ffe08ae67b0) at worker.c:330
#1  in apply_handle_update (s=0x7ffe08aeddb0) at worker.c:712
#2  in apply_dispatch (s=0x7ffe08aeddb0) at worker.c:968
#3  in LogicalRepApplyLoop (last_received=87957952) at worker.c:1175
#4  in ApplyWorkerMain (main_arg=0) at worker.c:1733
#5  in StartBackgroundWorker () at bgworker.c:834
#6  in do_start_bgworker (rw=0x55a3c68c16d0) at postmaster.c:5763
#7  in maybe_start_bgworkers () at postmaster.c:5976
#8  in sigusr1_handler (postgres_signal_arg=10) at postmaster.c:5161
#9  <signal handler called>
#10 in __GI___select (nfds=6, readfds=0x7ffe08aee680, writefds=0x0,
    exceptfds=0x0, timeout=0x7ffe08aee700)
    at ../sysdeps/unix/sysv/linux/select.c:41
#11 in ServerLoop () at postmaster.c:1668
#12 in PostmasterMain (argc=3, argv=0x55a3c6899820) at postmaster.c:1377
#13 in main (argc=3, argv=0x55a3c6899820) at main.c:228


It leads to this conditional test in worker.c:slot_store_cstrings:

    for (i = 0; i < natts; i++)
    { [...]
        if (!att->attisdropped && remoteattnum >= 0 &&
            values[remoteattnum] != NULL)

In gdb, I found that remoteattnum seems not to be correctly initialized for the
last column the scenario adds to pgbench_branches:

  (gdb) p remoteattnum
  $1 = 32639
  (gdb) p i
  $2 = 3

I haven't had time to dig further yet. However, I don't understand why this crash
is triggered when cassert is enabled.

Regards,

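Added example (not PostgreSQL source, and not a diagnosis of this report): 32639 is 0x7F7F, and assert-enabled PostgreSQL builds wipe freed memory with the byte 0x7F (CLOBBER_FREED_MEMORY, turned on by USE_ASSERT_CHECKING), so a two-byte AttrNumber read from memory carrying that fill comes back as exactly this value. The program below models a cached local-to-remote attribute map that is reused after the local table gains a column, fills the never-initialised slot with 0x7F the way a debug build would, and contrasts a lookup shaped like the condition quoted above (which rejects only negative values) with one that also enforces an upper bound before the result can be used as an index into values[]. The struct, function and constant names, and the "capacity" slack that makes the stale read legal in plain C, are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed example, not PostgreSQL code. POISON_BYTE mirrors the 0x7F
 * that assert-enabled PostgreSQL builds write over freed memory
 * (CLOBBER_FREED_MEMORY); every name below is invented for the demo.
 */
#define POISON_BYTE 0x7F

typedef int16_t AttrNum;            /* stand-in for PostgreSQL's AttrNumber */

typedef struct {
    int      natts;                 /* local columns the map was built for */
    int      remote_natts;          /* columns the remote side sends */
    int      capacity;              /* slots actually allocated (>= natts) */
    AttrNum *attrmap;               /* local attno -> remote attno, -1 = none */
} RelMap;

/* Allocate `capacity` slots poisoned like freshly wiped debug memory, then
 * initialise only the first `natts` as an identity map onto the remote. */
static RelMap *build_map(int natts, int remote_natts, int capacity)
{
    RelMap *m = malloc(sizeof *m);
    m->natts = natts;
    m->remote_natts = remote_natts;
    m->capacity = capacity;
    m->attrmap = malloc((size_t) capacity * sizeof(AttrNum));
    memset(m->attrmap, POISON_BYTE, (size_t) capacity * sizeof(AttrNum));
    for (int i = 0; i < natts; i++)
        m->attrmap[i] = (AttrNum) i;
    return m;
}

static void free_map(RelMap *m)
{
    free(m->attrmap);
    free(m);
}

/* Lookup shaped like the condition on the page: rejects negatives only, so
 * a poisoned slot (0x7F7F = 32639) is returned as if it were a column. */
static int lookup_unchecked(const RelMap *m, int local_attno)
{
    AttrNum r = m->attrmap[local_attno];
    return r >= 0 ? r : -1;
}

/* Lookup that refuses a slot the map was never built for and a remote
 * number outside what the remote actually sends. */
static int lookup_checked(const RelMap *m, int local_attno)
{
    if (local_attno < 0 || local_attno >= m->natts)
        return -1;                  /* map predates this local column */
    AttrNum r = m->attrmap[local_attno];
    if (r < 0 || r >= m->remote_natts)
        return -1;                  /* not a valid index into values[] */
    return r;
}

/* Scenario: map built for 3 columns, the local table then grows to 4, and
 * the map is reused without a rebuild. Column 4 (index 3) never had an
 * entry; the unchecked lookup hands back the poison pattern. */
static int stale_slot_value(void)
{
    RelMap *m = build_map(3, 3, 4);
    int v = lookup_unchecked(m, 3);
    free_map(m);
    return v;
}

/* Same scenario through the bounded lookup: the stale column is skipped. */
static int checked_slot_value(void)
{
    RelMap *m = build_map(3, 3, 4);
    int v = lookup_checked(m, 3);
    free_map(m);
    return v;
}

int main(void)
{
    int stale = stale_slot_value();
    printf("unchecked lookup of stale slot: %d (0x%04x)\n", stale, stale);
    printf("checked lookup of stale slot:   %d\n", checked_slot_value());
    return 0;
}
```

The same stale slot read in a non-assert build holds whatever the previous occupant of that memory left there, frequently a small value that happens to index values[] in bounds, which is why such a read can pass unnoticed until the 0x7F fill turns it into an out-of-range index and a signal 11.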
