Thread: Re: [GENERAL] PG crash on simple query, story continues

Re: [GENERAL] PG crash on simple query, story continues

From: "Maksim Likharev"

>>         !if error happened, xfrmlen will be (size_t)-1
>No it won't; see the man page for strxfrm.

RETURN VALUES
     Upon successful completion, strxfrm() returns the length  of
     the  transformed  string (not including the terminating null
     byte). If the value returned is n or more, the  contents  of
     the array pointed to by s1 are indeterminate.

     On failure, strxfrm() returns (size_t)-1.

but you are right, it is strxfrm() that returns more than allowed,
most likely in the following condition:
    strxfrm(xfrmstr, val, 0)

a null terminator extra.

I am on SunOS 5.8,
BTW on Linux it works....


-----Original Message-----
From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
Sent: Tuesday, July 08, 2003 11:45 AM
To: Maksim Likharev
Cc: pgsql-general@postgresql.org; pgsql-hackers@postgresql.org
Subject: Re: [GENERAL] PG crash on simple query, story continues


"Maksim Likharev" <mlikharev@aurigin.com> writes:
>             ! I would say very interesting approach,
>             ! why not just
>         xfrmsize = strxfrm(xfrmstr, NULL, 0);

strxfrm doesn't work that way (and if it did, it would give back a
malloc'd not a palloc'd string).

>         !if error happened, xfrmlen will be (size_t)-1

No it won't; see the man page for strxfrm.

This does raise an interesting thought though: what platform are you on?
It seems to me that we've heard of buggy versions of strxfrm that write
more bytes than they're allowed to, thereby clobbering palloc's data
structures.

            regards, tom lane

Re: [GENERAL] PG crash on simple query, story continues

From: Tom Lane

"Maksim Likharev" <mlikharev@aurigin.com> writes:
>      On failure, strxfrm() returns (size_t)-1.

Not according to the Single Unix Specification, Linux, or HP-UX;
I don't have any others to check.  But anyway, that is not causing
your problem, since palloc(0) would complain not dump core.

> I am on SunOS 5.8,

Solaris, eh?  IIRC, it was Solaris that we last heard about broken
strxfrm on.  Better check to see if Sun has a fix for this.

            regards, tom lane
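
Added example (not part of the thread and not PostgreSQL code): a defensive two-pass strxfrm() call that places guard bytes after the buffer, so a strxfrm() that writes more bytes than it was allowed is detected instead of silently clobbering allocator data. The helper name checked_strxfrm and the guard size are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN  8      /* canary bytes after the buffer (illustrative size) */
#define GUARD_BYTE 0xA5

/* checked_strxfrm() is a hypothetical helper, not a PostgreSQL function.
 * Returns a malloc'd transformed copy of val and its length in *outlen,
 * or NULL on error. *overrun is set to 1 when strxfrm() wrote past the
 * size it was given, which is the misbehaviour suspected in the thread. */
char *checked_strxfrm(const char *val, size_t *outlen, int *overrun)
{
    *overrun = 0;

    /* Pass 1: size query. With n == 0 the destination may be NULL. */
    errno = 0;
    size_t need = strxfrm(NULL, val, 0);
    /* SUS reserves no error return, so errno is checked; the bound also
     * rejects the (size_t)-1 that the Solaris man page documents. */
    if (errno != 0 || need > SIZE_MAX - 1 - GUARD_LEN)
        return NULL;

    size_t cap = need + 1;                 /* room for the terminator */
    unsigned char *buf = malloc(cap + GUARD_LEN);
    if (buf == NULL)
        return NULL;
    memset(buf + cap, GUARD_BYTE, GUARD_LEN);

    /* Pass 2: transform, telling strxfrm() the true capacity. */
    size_t got = strxfrm((char *)buf, val, cap);

    for (size_t i = 0; i < GUARD_LEN; i++)
        if (buf[cap + i] != GUARD_BYTE)
            *overrun = 1;
    if (*overrun)
        return NULL;   /* heap is suspect: leak rather than free(); real code should abort */
    if (got >= cap) {  /* contents indeterminate per the man page */
        free(buf);
        return NULL;
    }
    *outlen = got;
    return (char *)buf;
}
```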