Thread: puzzling JSON bug
David Wheeler has presented me with a nasty bug case.

If I do this:

select '{"members": { "add": [3, 4]}}'::json #> '{members,add}';

then I get a crash.

If I comment out the pfree() at json.c:parse_object_field() lines 378-9 then I get back the right result but instead get a warning like this:

WARNING: problem in alloc set ExprContext: bogus aset link in block 0x1efaa80, chunk 0x1efb1f0

I'm not quite sure where I should go looking for what I've done wrong here.

cheers

andrew
Andrew Dunstan <andrew@dunslane.net> writes:
> David Wheeler has presented me with a nasty bug case.
> If I do this:
> select '{"members": { "add": [3, 4]}}'::json #> '{members,add}';
> then I get a crash.
> If I comment out the pfree() at json.c:parse_object_field() lines 378-9
> then I get back the right result but instead get a warning like this:
> WARNING: problem in alloc set ExprContext: bogus aset link in block
> 0x1efaa80, chunk 0x1efb1f0
> I'm not quite sure where I should go looking for what I've done wrong here.

Routine array-overrun memory stomp. The chunk header data for "fname"'s alloc chunk is being overwritten here:

Watchpoint 2: *(int *) 1075253088

Old value = 1074925616
New value = -1
0x50fe14 in get_array_start (state=0x40170e88) at jsonfuncs.c:688
688 _state->array_level_index[lex_level] = -1;

It appears that lex_level is 2 but only enough room for 2 entries has been allocated in array_level_index[].

regards, tom lane
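The sizing mistake Tom's watchpoint points at, reduced to a stand-alone C program. This is an added example, not code from the PostgreSQL tree: the struct, the two allocation helpers, set_array_start() and the bracket-counting scanner are all hypothetical reconstructions, and the rule they encode (a 0-based nesting level N needs N + 1 slots, so an array sized for the 2-element path '{members,add}' must hold 3 entries to accept lex_level == 2) is inferred from the diagnosis, not taken from the actual fix. The "buggy" path never performs the out-of-bounds write; a bounds check refuses it, which is what the crash and the "bogus aset link" warning are the symptom of in the unguarded version.

```c
/* Added example, not PostgreSQL's code: reproduces the sizing rule behind
 * the jsonfuncs.c array_level_index[] overrun without ever writing out of
 * bounds. Build: cc -std=c99 -Wall level_index.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    int *array_level_index;  /* per-nesting-level index into the current array */
    size_t nslots;           /* how many entries were actually allocated */
} LevelState;

/* Hypothetical reconstruction of the buggy sizing: one slot per path
 * element, so the array opened at lex_level == npath has no slot. */
LevelState level_state_buggy(size_t npath)
{
    LevelState s;
    s.nslots = npath;
    s.array_level_index = calloc(s.nslots ? s.nslots : 1, sizeof(int));
    return s;
}

/* Corrected sizing: levels run 0..npath inclusive, hence npath + 1 slots. */
LevelState level_state_fixed(size_t npath)
{
    LevelState s;
    s.nslots = npath + 1;
    s.array_level_index = calloc(s.nslots, sizeof(int));
    return s;
}

/* Bounds-checked stand-in for the store at jsonfuncs.c:688.
 * Returns 1 on success, 0 when the write would run past the allocation
 * (and, in the real backend, into the next chunk's header). */
int set_array_start(LevelState *s, size_t lex_level)
{
    if (lex_level >= s->nslots)
        return 0;
    s->array_level_index[lex_level] = -1;
    return 1;
}

/* Toy scanner (not the backend lexer): 0-based nesting level at which the
 * innermost '[' opens. Ignores brackets inside string literals, which is
 * fine for the constructed sample below. */
size_t innermost_array_level(const char *json)
{
    size_t level = 0, deepest = 0;
    for (const char *p = json; *p; p++) {
        if (*p == '{' || *p == '[') {
            if (*p == '[' && level > deepest)
                deepest = level;
            level++;
        } else if ((*p == '}' || *p == ']') && level > 0) {
            level--;
        }
    }
    return deepest;
}

/* Run one scenario end to end: size the array for `npath` path elements,
 * then try to record an array start at `lex_level`. Returns 1 if the
 * store was accepted, 0 if the bounds check refused it. */
int run_check(size_t npath, size_t lex_level, int use_fix)
{
    LevelState s = use_fix ? level_state_fixed(npath) : level_state_buggy(npath);
    int ok = set_array_start(&s, lex_level);
    free(s.array_level_index);
    return ok;
}

int main(void)
{
    /* Constructed sample: the document and 2-element path from the report. */
    const char *doc = "{\"members\": { \"add\": [3, 4]}}";
    size_t npath = 2;                              /* '{members,add}' */
    size_t lex_level = innermost_array_level(doc); /* 2: inside two objects */

    printf("array opens at lex_level %zu, path has %zu elements\n", lex_level, npath);
    printf("buggy sizing (%zu slots): %s\n", npath,
           run_check(npath, lex_level, 0) ? "accepted" : "refused (would overrun)");
    printf("fixed sizing (%zu slots): %s\n", npath + 1,
           run_check(npath, lex_level, 1) ? "accepted" : "refused (would overrun)");
    return 0;
}
```

The point the program makes is that the failing index is exactly equal to the allocation size: lex_level counts from 0 and reaches the path length when the array sits below every path element, so any allocation of npath entries is one short. In the real backend the unguarded write lands on the header of whatever palloc chunk follows ("fname" here), which is why the damage surfaces later as a crash in pfree() or as the "bogus aset link" warning from the memory context checker rather than at the faulty line itself.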
On 04/04/2013 03:39 PM, Tom Lane wrote:
> Andrew Dunstan <andrew@dunslane.net> writes:
>> David Wheeler has presented me with a nasty bug case.
>> If I do this:
>> select '{"members": { "add": [3, 4]}}'::json #> '{members,add}';
>> then I get a crash.
>> If I comment out the pfree() at json.c:parse_object_field() lines 378-9
>> then I get back the right result but instead get a warning like this:
>> WARNING: problem in alloc set ExprContext: bogus aset link in block
>> 0x1efaa80, chunk 0x1efb1f0
>> I'm not quite sure where I should go looking for what I've done wrong here.
> Routine array-overrun memory stomp. The chunk header data for "fname"'s
> alloc chunk is being overwritten here:
>
> Watchpoint 2: *(int *) 1075253088
>
> Old value = 1074925616
> New value = -1
> 0x50fe14 in get_array_start (state=0x40170e88) at jsonfuncs.c:688
> 688 _state->array_level_index[lex_level] = -1;
>
> It appears that lex_level is 2 but only enough room for 2 entries has
> been allocated in array_level_index[].

OK, many thanks, will fix.

cheers

andrew