Re: [bug fix] ECPG app crashes due to SIGBUS on SPARC Solaris

Hello,

I encountered a bug of ECPG with PG 9.2.4, which probably exists in all
releases. The attached patch is for 9.4. Could you review and backport
this to at least 9.2 and later?

[Problem]
The attached ECPG app crashes and dumps core with SIGBUS on Solaris for
SPARC. I used Solaris 10, and Oracle Studio to compile the app for 64-bit
build. The same app completes successfully on Linux and Windows for
x86/x564.

The steps to reproduce the problem is:
1. ecpg sigbus.pgc
2. cc -xtarget=generic64 -I<pgsql_dir>/include
sigbus.c -L<pgsql_dir>/lib -lecpg
3. a.out

When execting FETCH statement using an SQL descriptor, the app crashes at
the following line in ECPGdo(), which is in
src/interfaces/ecpg/ecpglib/execute.c:

var->value = *((char **) (var->pointer));

[Cause]
ecpg outputs the following line in the preprocessed source file:

{ ECPGdo(__LINE__, 0, 1, NULL, 0, ECPGst_normal, "fetch $0",
ECPGt_char,(cur),(long)4,(long)1,(4)*sizeof(char),
ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L, ECPGt_EOIT,
ECPGt_descriptor, (desc1), 0L, 0L, 0L,
ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L, ECPGt_EORT);}

So, the above line is executed in ECPGdo(). On the other hand, desc1 is not
aligned on 8-byte boundary. This unaligned access causes SIGBUS.

[Fix]
Because desc1 is a char array, else block should be executed instead of the
above path.

var->value = var->pointer;

Therefore, make ecpg pass SQL descriptor host variables to ECPGdo() with
non-zero lengths.

Regards
MauMau

2013-12-24 13:55 kelteze'ssel, MauMau i'rta:
> Hello,
>
> I encountered a bug of ECPG with PG 9.2.4, which probably exists in all releases. The
> attached patch is for 9.4. Could you review and backport this to at least 9.2 and later?
>
>
> [Problem]
> The attached ECPG app

The app wasn't attached, only the patch.
If this is a small test app, it can also be a part of the patch in the form of a
regression test.

> crashes and dumps core with SIGBUS on Solaris for SPARC. I used Solaris 10, and Oracle
> Studio to compile the app for 64-bit build. The same app completes successfully on Linux
> and Windows for x86/x564.
>
> The steps to reproduce the problem is:
> 1. ecpg sigbus.pgc
> 2. cc -xtarget=generic64 -I<pgsql_dir>/include sigbus.c -L<pgsql_dir>/lib -lecpg
> 3. a.out
>
> When execting FETCH statement using an SQL descriptor, the app crashes at the following
> line in ECPGdo(), which is in src/interfaces/ecpg/ecpglib/execute.c:
>
> var->value = *((char **) (var->pointer));
>
>
> [Cause]
> ecpg outputs the following line in the preprocessed source file:
>
> { ECPGdo(__LINE__, 0, 1, NULL, 0, ECPGst_normal, "fetch $0",
> ECPGt_char,(cur),(long)4,(long)1,(4)*sizeof(char),
> ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L, ECPGt_EOIT,
> ECPGt_descriptor, (desc1), 0L, 0L, 0L,
> ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L, ECPGt_EORT);}
>
> So, the above line is executed in ECPGdo(). On the other hand, desc1 is not aligned on
> 8-byte boundary. This unaligned access causes SIGBUS.
>
>
> [Fix]
> Because desc1 is a char array, else block should be executed instead of the above path.
>
> var->value = var->pointer;
>
> Therefore, make ecpg pass SQL descriptor host variables to ECPGdo() with non-zero lengths.
>
>
> Regards
> MauMau
>
>

--
----------------------------------
Zolta'n Bo"szo"rme'nyi
Cybertec Scho"nig & Scho"nig GmbH
Gro"hrmu"hlgasse 26
A-2700 Wiener Neustadt, Austria
Web: http://www.postgresql-support.de
http://www.postgresql.at/

From: "Boszormenyi Zoltan" <zb(at)cybertec(dot)at>
> The app wasn't attached, only the patch.
> If this is a small test app, it can also be a part of the patch in the
> form of a
> regression test.

Sorry, attached. Thank you for pointing it out.

Regards
MauMau

On Tue, Dec 24, 2013 at 09:55:45PM +0900, MauMau wrote:
> The attached ECPG app crashes and dumps core with SIGBUS on Solaris
> for SPARC. I used Solaris 10, and Oracle Studio to compile the app
> for 64-bit build. The same app completes successfully on Linux and
> Windows for x86/x564.

What happens to the regression test suite on your system? There are test cases
that access a descriptor in a similar way I think.

> Because desc1 is a char array, else block should be executed instead
> of the above path.

> Therefore, make ecpg pass SQL descriptor host variables to ECPGdo()
> with non-zero lengths.

How did you decide which values to put in? I fail to see a reason for choosing
exactly these values.

Mkichael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
Jabber: michael.meskes at gmail dot com
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL

From: "Michael Meskes" <meskes(at)postgresql(dot)org>
> What happens to the regression test suite on your system? There are test
> cases
> that access a descriptor in a similar way I think.

OK, I'll run the ECPG regression test on Solaris without the patch. Please
wait until Jan 6 2014 or so, because we've just entered new year holidays
here in Japan.

> How did you decide which values to put in? I fail to see a reason for
> choosing
> exactly these values.

Yes, the value is arbitrary except it should be non-zero so that ECPGdo()
can execute the else block. And the lengths here are irrelevant to the
actual processing. I thought the original 0 was chosen arbitrarily and I
could do so too. If I can do better, please let me know that.

Regards
MauMau

On Sat, Dec 28, 2013 at 08:04:09AM +0900, MauMau wrote:
> OK, I'll run the ECPG regression test on Solaris without the patch.
> Please wait until Jan 6 2014 or so, because we've just entered new
> year holidays here in Japan.

Sure, we're no in a particular hurry.

Michael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
Jabber: michael.meskes at gmail dot com
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL

From: "Michael Meskes" <meskes(at)postgresql(dot)org>
> On Sat, Dec 28, 2013 at 08:04:09AM +0900, MauMau wrote:
>> OK, I'll run the ECPG regression test on Solaris without the patch.
>> Please wait until Jan 6 2014 or so, because we've just entered new
>> year holidays here in Japan.
>
> Sure, we're no in a particular hurry.

I ran the ECPG regression test with the unpatched 64-bit PostgreSQL 9.2.4 on
SPARC Solaris, and it succeeded (all 54 tests passed). For information, I
did as follows:

configure --prefix=... CC='<Oracle_Studio_HOME>/bin/cc -xtarget=generic64'
...
gmake
gmake install
initdb -E UTF8 --no-locale
pg_ctl start
cd postgresql-9.2.4/src/interfaces/ecpg
gmake check

I guess that's that's because the regression test doesn't have a test case
which specifies SQL descriptor name with a host variable.

Regards
MauMau

On Sun, Jan 05, 2014 at 03:42:42PM +0900, MauMau wrote:
> I ran the ECPG regression test with the unpatched 64-bit PostgreSQL
> 9.2.4 on SPARC Solaris, and it succeeded (all 54 tests passed). For
> ...

Thanks a lot. Patch applied to HEAD and all the backbranches. Will push shortly.

Michael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
Jabber: michael.meskes at gmail dot com
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL