Lists: pgsql-bugs
From: Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: empty array can crash backend using int_array_enum from contrib.
Date: 2005-04-22 10:25:11
Message-ID: 4268D107.7040503@cheapcomplexdevices.com
Using the int_array_enum function from contrib/intagg I can crash the 8.0.2 backend when I pass it an empty array.
fli=# select int_array_enum('{}'::int[]);
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
!>
fli=# select * from version();
version
-------------------------------------------------------------------------------------
PostgreSQL 8.0.2 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.3.3 (SuSE Linux)
(1 row)
From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: empty array can crash backend using int_array_enum from contrib.
Date: 2005-04-23 05:40:51
Message-ID: 7036.1114234851@sss.pgh.pa.us
Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> writes:
> Using the int_array_enum function from contrib/intagg I can crash the 8.0.2 backend when I pass it an empty array.
Man, we've had a few problems with that thing, haven't we?
I patched it along these lines:
*** contrib/intagg/int_aggregate.c.orig Thu Apr 14 14:16:08 2005
--- contrib/intagg/int_aggregate.c Sat Apr 23 01:32:52 2005
***************
*** 242,247 ****
--- 242,250 ----
pc->p = p;
pc->flags = 0;
}
+ /* Now that we have a detoasted array, verify dimensions */
+ if (pc->p->a.ndim != 1)
+ elog(ERROR, "int_enum only accepts 1-D arrays");
pc->num = 0;
fcinfo->context = (Node *) pc;
MemoryContextSwitchTo(oldcontext);
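Review bot: the `!= 1` test in the added check also rejects a zero-dimensional array, so the reported `int_array_enum('{}'::int[])` call would raise an error where an empty result set is the more natural answer. If empty input should be accepted, test `> 1` here and let the done-check treat an array that is not 1-D as already finished. The error text also says `int_enum` while the report calls the function as `int_array_enum`; using the name the caller typed would make the message easier to trace.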
regards, tom lane
From: Andrew - Supernews <andrew+nonews(at)supernews(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: Re: empty array can crash backend using int_array_enum from contrib.
Date: 2005-04-23 06:51:50
Message-ID: slrnd6js46.27a.andrew+nonews@trinity.supernews.net
On 2005-04-23, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> writes:
>> Using the int_array_enum function from contrib/intagg I can crash the
>> 8.0.2 backend when I pass it an empty array.
>
> Man, we've had a few problems with that thing, haven't we?
>
> I patched it along these lines:
[snip]
We were discussing this one on irc while it was presumably waiting in the
moderation queue, and I suggested to the poster an alternative patch that
allowed empty arrays to actually be treated as empty (your version will
error out on int_array_enum('{}') rather than producing 0 rows, which seems
unhelpful). I would suggest changing your test from != 1 to > 1, and adding
the moral equivalent of:
--- int_aggregate.c.orig Fri Apr 22 11:37:09 2005
+++ int_aggregate.c Fri Apr 22 11:44:34 2005
@@ -227,7 +227,7 @@
else /* use an existing one */
pc = (CTX *) fcinfo->context;
/* Are we done yet? */
- if (pc->num >= pc->p->items)
+ if (ARR_NDIM(pc->p) != 1 || pc->num >= pc->p->items)
{
/* We are done */
if (pc->flags & TOASTED)
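Review bot: with `ARR_NDIM(pc->p) != 1` in the done-test, an array of two or more dimensions ends the scan silently with zero rows, exactly like an empty one, so this hunk only gives the intended behaviour when paired with a setup-time check that raises an error for more than one dimension. The dimension count cannot change between calls, so evaluating it once during setup would keep the per-row condition at `pc->num >= pc->p->items`. The other patch in this thread reads the field as `pc->p->a.ndim`; it is worth confirming that `ARR_NDIM` is being handed the pointer type it expects.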
(that test could be moved into the setup phase, of course)
--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services
From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: andrew(at)supernews(dot)com
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: empty array can crash backend using int_array_enum from contrib.
Date: 2005-04-23 17:56:58
Message-ID: 11932.1114279018@sss.pgh.pa.us
Andrew - Supernews <andrew+nonews(at)supernews(dot)com> writes:
> We were discussing this one on irc while it was presumably waiting in the
> moderation queue, and I suggested to the poster an alternative patch that
> allowed empty arrays to actually be treated as empty (your version will
> error out on int_array_enum('{}') rather than producing 0 rows, which seems
> unhelpful).
Done, but not back-patched since this seems more in the nature of a new
feature than a crash preventative.
regards, tom lane
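
A simplified, stand-alone C model of the behaviour this thread converges on, added here as an illustration and not code from contrib/intagg or from any poster: input with more than one dimension is rejected at setup, and an empty array yields zero rows without its item count being read. The `model_array` type and the `enum_*` names are hypothetical stand-ins, not PostgreSQL's structures.

```c
#include <stddef.h>

/* Hypothetical stand-in for an int array header (not PostgreSQL's ArrayType). */
typedef struct {
    int ndim;          /* 0 = empty array, 1 = one-dimensional */
    int items;         /* element count; only trusted when ndim == 1 */
    const int *data;   /* element storage; may be NULL when ndim == 0 */
} model_array;

/* Per-scan state, playing the role of the context kept between calls. */
typedef struct {
    const model_array *p;
    int num;           /* index of the next element to return */
} enum_ctx;

enum { ENUM_OK = 0, ENUM_DONE = 1, ENUM_ERROR = -1 };

/* Setup phase: reject multi-dimensional input before any element is read. */
static int enum_init(enum_ctx *ctx, const model_array *arr)
{
    if (arr == NULL || arr->ndim < 0 || arr->ndim > 1)
        return ENUM_ERROR;
    ctx->p = arr;
    ctx->num = 0;
    return ENUM_OK;
}

/* Per-call phase: an array that is not 1-D is finished at once, so a
 * meaningless items value on an empty array is never consulted. */
static int enum_next(enum_ctx *ctx, int *out)
{
    if (ctx->p->ndim != 1 || ctx->num >= ctx->p->items)
        return ENUM_DONE;
    *out = ctx->p->data[ctx->num++];
    return ENUM_OK;
}

/* Drain the enumerator: returns rows produced, or -1 for rejected input. */
int enum_count_rows(const model_array *arr, long *sum)
{
    enum_ctx ctx;
    int v, rows = 0;

    *sum = 0;
    if (enum_init(&ctx, arr) != ENUM_OK)
        return -1;
    while (enum_next(&ctx, &v) == ENUM_OK) {
        *sum += v;
        rows++;
    }
    return rows;
}
```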