Re: empty array can crash backend using int_array_enum from contrib.

Lists: pgsql-bugs
From: Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: empty array can crash backend using int_array_enum from contrib.
Date: 2005-04-22 10:25:11
Message-ID: 4268D107.7040503@cheapcomplexdevices.com


Using the int_array_enum function from contrib/intagg I can crash the 8.0.2 backend when I pass it an empty array.

fli=# select int_array_enum('{}'::int[]);
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
!>

fli=# select * from version();
version
-------------------------------------------------------------------------------------
PostgreSQL 8.0.2 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.3.3 (SuSE Linux)
(1 row)


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: empty array can crash backend using int_array_enum from contrib.
Date: 2005-04-23 05:40:51
Message-ID: 7036.1114234851@sss.pgh.pa.us

Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> writes:
> Using the int_array_enum function from contrib/intagg I can crash the 8.0.2 backend when I pass it an empty array.

Man, we've had a few problems with that thing, haven't we?

I patched it along these lines:

*** contrib/intagg/int_aggregate.c.orig Thu Apr 14 14:16:08 2005
--- contrib/intagg/int_aggregate.c Sat Apr 23 01:32:52 2005
***************
*** 242,247 ****
--- 242,250 ----
pc->p = p;
pc->flags = 0;
}
+ /* Now that we have a detoasted array, verify dimensions */
+ if (pc->p->a.ndim != 1)
+ elog(ERROR, "int_enum only accepts 1-D arrays");
pc->num = 0;
fcinfo->context = (Node *) pc;
MemoryContextSwitchTo(oldcontext);
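Review bot: the `pc->p->a.ndim != 1` test added after the detoast step rejects the empty array together with multi-dimensional ones, since '{}' has ndim 0, so int_array_enum('{}') will now raise "int_enum only accepts 1-D arrays" instead of returning zero rows. Consider erroring only on `ndim > 1` and letting ndim == 0 fall through with pc->num = 0 and nothing to iterate, which gives the caller an empty result rather than a failure.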

regards, tom lane


From: Andrew - Supernews <andrew+nonews(at)supernews(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: Re: empty array can crash backend using int_array_enum from contrib.
Date: 2005-04-23 06:51:50
Message-ID: slrnd6js46.27a.andrew+nonews@trinity.supernews.net

On 2005-04-23, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com> writes:
>> Using the int_array_enum function from contrib/intagg I can crash the
>> 8.0.2 backend when I pass it an empty array.
>
> Man, we've had a few problems with that thing, haven't we?
>
> I patched it along these lines:
[snip]

We were discussing this one on irc while it was presumably waiting in the
moderation queue, and I suggested to the poster an alternative patch that
allowed empty arrays to actually be treated as empty (your version will
error out on int_array_enum('{}') rather than producing 0 rows, which seems
unhelpful). I would suggest changing your test from != 1 to > 1, and adding
the moral equivalent of:

--- int_aggregate.c.orig Fri Apr 22 11:37:09 2005
+++ int_aggregate.c Fri Apr 22 11:44:34 2005
@@ -227,7 +227,7 @@
else /* use an existing one */
pc = (CTX *) fcinfo->context;
/* Are we done yet? */
- if (pc->num >= pc->p->items)
+ if (ARR_NDIM(pc->p) != 1 || pc->num >= pc->p->items)
{
/* We are done */
if (pc->flags & TOASTED)
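Review bot: folding `ARR_NDIM(pc->p) != 1` into the per-call "are we done" test makes a multi-dimensional array silently return zero rows, hiding a caller's type error that the setup-time check in the earlier patch reports; keep an error for ndim > 1 and let only ndim == 0 take this done path. The test is also re-evaluated on every call rather than once, which the remark below already concedes belongs in setup. Note too that this line applies `ARR_NDIM()` to `pc->p` while the setup code in the earlier patch reads `pc->p->a.ndim`; confirm that `pc->p` has the type the macro expects.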

(that test could be moved into the setup phase, of course)

--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services
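The difference between the two patches, as an added example that is not code from the thread or from contrib/intagg: a constructed model of an array header (int32 ndim, then ndim int32 dimension lengths, then int32 elements; NOT PostgreSQL's ArrayType) with three item-count policies. The unchecked one trusts dims[0] even when ndim is 0 and so reads whatever bytes follow the header; the strict one errors on anything that is not 1-D, as in Tom's patch; the lenient one treats 0-D as empty and errors only on more than one dimension, as Andrew suggests. Function names, the sample buffers and the sentinel value standing in for heap garbage are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of an array header, not PostgreSQL's ArrayType:
 *   int32 ndim | int32 dims[ndim] | int32 elements...
 * An empty array has ndim == 0 and therefore carries no dims at all, so
 * a dims[0] read returns whatever happens to follow the 4-byte header.
 */
static int32_t rd32(const unsigned char *p) { int32_t v; memcpy(&v, p, 4); return v; }
static void put32(unsigned char *p, int32_t v) { memcpy(p, &v, 4); }

/* Before the fix: trusts dims[0] as the item count with no ndim check. */
int item_count_unchecked(const unsigned char *arr)
{
    return rd32(arr + 4);           /* dims[0], even when ndim == 0 */
}

/* Strict policy (Tom's patch): anything not exactly 1-D is an error (-1). */
int item_count_strict(const unsigned char *arr)
{
    if (rd32(arr) != 1)
        return -1;                  /* stands in for elog(ERROR, ...) */
    return rd32(arr + 4);
}

/* Lenient policy (Andrew's suggestion): 0-D is empty, >1-D is an error. */
int item_count_lenient(const unsigned char *arr)
{
    int32_t ndim = rd32(arr);
    if (ndim > 1)
        return -1;
    if (ndim == 0)
        return 0;                   /* zero rows, no dims to read */
    return rd32(arr + 4);
}

/* Enumerate with the lenient policy; returns the element sum or -1. */
int enumerate_sum(const unsigned char *arr)
{
    int n = item_count_lenient(arr);
    if (n < 0)
        return -1;
    const unsigned char *elems = arr + 4 + 4 * (size_t)rd32(arr);
    int sum = 0;
    for (int i = 0; i < n; i++)
        sum += rd32(elems + 4 * (size_t)i);
    return sum;
}

/* Constructed sample buffers (assumed layouts, see header comment). */
static unsigned char g_buf[3][32];

/* '{}' followed by a deliberately large value where dims[0] would sit,
 * standing in for whatever heap bytes trailed the real header. */
const unsigned char *sample_empty(void)
{
    unsigned char *b = g_buf[0];
    memset(b, 0, sizeof g_buf[0]);
    put32(b, 0);
    put32(b + 4, 0x7fffffff);
    return b;
}

/* '{10,20,30}' */
const unsigned char *sample_1d(void)
{
    unsigned char *b = g_buf[1];
    int32_t v[] = {1, 3, 10, 20, 30};
    for (int i = 0; i < 5; i++) put32(b + 4 * i, v[i]);
    return b;
}

/* '{{1,2},{3,4}}' */
const unsigned char *sample_2d(void)
{
    unsigned char *b = g_buf[2];
    int32_t v[] = {2, 2, 2, 1, 2, 3, 4};
    for (int i = 0; i < 7; i++) put32(b + 4 * i, v[i]);
    return b;
}

int main(void)
{
    printf("'{}'  unchecked=%d strict=%d lenient=%d\n",
           item_count_unchecked(sample_empty()),
           item_count_strict(sample_empty()),
           item_count_lenient(sample_empty()));
    printf("1-D   sum=%d   2-D sum=%d\n",
           enumerate_sum(sample_1d()), enumerate_sum(sample_2d()));
    return 0;
}
```

The unchecked count for '{}' is the sentinel placed after the header, i.e. a huge number of items the enumerator would then try to read, which is the shape of the crash reported at the top of the thread; the strict policy turns that into an error and the lenient one into zero rows.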


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: andrew(at)supernews(dot)com
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: empty array can crash backend using int_array_enum from contrib.
Date: 2005-04-23 17:56:58
Message-ID: 11932.1114279018@sss.pgh.pa.us

Andrew - Supernews <andrew+nonews(at)supernews(dot)com> writes:
> We were discussing this one on irc while it was presumably waiting in the
> moderation queue, and I suggested to the poster an alternative patch that
> allowed empty arrays to actually be treated as empty (your version will
> error out on int_array_enum('{}') rather than producing 0 rows, which seems
> unhelpful).

Done, but not back-patched since this seems more in the nature of a new
feature than a crash preventative.

regards, tom lane