Server may segfault when using slices on int2vector - Mailing list pgsql-bugs

From Ronan Dunklau
Subject Server may segfault when using slices on int2vector
Msg-id 2450353.1U6Qoyzd8o@ronan_laptop
Responses Re: Server may segfault when using slices on int2vector  (Heikki Linnakangas <hlinnakangas@vmware.com>)
List pgsql-bugs
Hello.

While building a query on the pg_index relation, I came across a bug whose
simplest form is manifested as this:

select
 a.indkey[1:3],
 a.indkey[1:2]
from pg_index as a

This can result either in a segfault, a failed memory allocation or gibberish
results.

For example, this is a backtrace I could produce while running the above
query.
It turns out that the int2vector->dim1 member has a dummy value.

#0  int2vectorout (fcinfo=<optimized out>) at int.c:192
#1  0x000000000071b445 in FunctionCall1Coll (flinfo=flinfo@entry=0x1ec1360,
collation=collation@entry=0, arg1=arg1@entry=32251408) at fmgr.c:1297
#2  0x000000000071c58e in OutputFunctionCall (flinfo=0x1ec1360, val=32251408)
at fmgr.c:1950
#3  0x000000000046977d in printtup (slot=0x1ec0300, self=0x1e34c28) at
printtup.c:359
#4  0x000000000057eae2 in ExecutePlan (dest=0x1e34c28, direction=<optimized
out>, numberTuples=0, sendTuples=1 '\001', operation=CMD_SELECT,
planstate=0x1ebff10, estate=0x1ebfe00) at execMain.c:1499
#5  standard_ExecutorRun (queryDesc=0x1e96320, direction=<optimized out>,
count=0) at execMain.c:308
#6  0x0000000000652fc8 in PortalRunSelect (portal=portal@entry=0x1ee2680,
forward=forward@entry=1 '\001', count=0, count@entry=9223372036854775807,
dest=dest@entry=0x1e34c28) at pquery.c:946
#7  0x000000000065432f in PortalRun (portal=portal@entry=0x1ee2680,
count=count@entry=9223372036854775807, isTopLevel=isTopLevel@entry=1 '\001',
dest=dest@entry=0x1e34c28, altdest=altdest@entry=0x1e34c28,
completionTag=completionTag@entry=0x7fff90242090 "") at pquery.c:790
#8  0x00000000006520e5 in exec_simple_query (query_string=0x1e7cfa0 "select \n
a.indkey[1:3],\n a.indkey[1:2]\nfrom pg_index as a;") at postgres.c:1048
#9  PostgresMain (argc=<optimized out>, argv=argv@entry=0x1e1b8e8,
dbname=0x1e1b798 "postgres", username=<optimized out>) at postgres.c:3992
#10 0x000000000046607d in BackendRun (port=0x1e39b30) at postmaster.c:4085
#11 BackendStartup (port=0x1e39b30) at postmaster.c:3774
#12 ServerLoop () at postmaster.c:1585
#13 0x00000000006123b1 in PostmasterMain (argc=argc@entry=3,
argv=argv@entry=0x1e19550) at postmaster.c:1240
#14 0x00000000004669f5 in main (argc=3, argv=0x1e19550) at main.c:196



--
Ronan Dunklau
http://dalibo.com - http://dalibo.org
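The statements below are an added example and are not part of Ronan's report. They place the slice form from the report, whose result is still typed as int2vector and is printed by int2vectorout (the function at the top of the backtrace), beside a form that casts indkey to a plain int2[] before slicing. That the cast form avoids the crash is an assumption based on the result type being a regular array, not something the report states.

```sql
-- Constructed example, not from the original report.
-- Slicing the int2vector column directly: the slice result keeps the
-- int2vector type and is rendered by int2vectorout, which reads the dim1
-- member the report describes as holding a dummy value.
select a.indrelid::regclass, a.indkey[1:3], a.indkey[1:2]
from pg_index as a;

-- Assumed workaround: cast to a plain smallint array first. The slice is then
-- a regular int2[] rendered by array_out, which reads the array header
-- (ndim, dimensions, lower bounds) instead of assuming the int2vector layout.
select a.indrelid::regclass,
       (a.indkey::int2[])[1:3] as first_three,
       (a.indkey::int2[])[1:2] as first_two
from pg_index as a;

-- Confirm the cast form yields a regular array type (smallint[]).
select pg_typeof((a.indkey::int2[])[1:2]) as cast_slice_type
from pg_index as a
limit 1;
```

This only sidesteps the affected code path in client queries; it does not fix the server-side bug the report describes.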
