Re: Bus error in formatting.c NUM_numpart_to_char (9.4.12, 9.6.3, sparc)

From: "Tom Turelinckx" <tom(at)turelinckx(dot)be>
To: "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: Bus error in formatting.c NUM_numpart_to_char (9.4.12, 9.6.3, sparc)
Date: 2017-06-22 16:59:20
Message-ID: 001501d2eb78$e52a8e60$af7fab20$@turelinckx.be
Lists: pgsql-bugs

Tom Lane wrote:

> Anyway, find those annotation(s) and send us all the text for that area and maybe a few dozen lines on either side.

Summary for the current issue, against 9.4.12.

Clean pgdg 9.4.12 fails:

regression.out:

numeric ... FAILED (test process exited with exit code 2)

regression.diffs:

SELECT '' AS to_char_6, to_char(val, 'FMS9999999999999999.999999999999999') FROM num_data;
! server closed the connection unexpectedly
! This probably means the server terminated abnormally
! before or while processing the request.
! connection to server was lost

postmaster.log:

LOG: server process (PID 15999) was terminated by signal 10: Bus error
DETAIL: Failed process was running: SELECT '' AS to_char_6, to_char(val, 'FMS9999999999999999.999999999999999') FROM num_data;

Crash location:

Reading symbols from /home/turelto/src/original/postgresql-9.4-9.4.12/build/src/backend/postgres...done.
[New LWP 15999]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/sparc-linux-gnu/libthread_db.so.1".
Core was generated by `postgres: turelto regression [local] SELECT '.
Program terminated with signal 10, Bus error.
#0 NUM_numpart_to_char (id=3, Np=0xff852a34)
at /home/turelto/src/original/postgresql-9.4-9.4.12/build/../src/backend/utils/adt/formatting.c:4419
4419 if (Np->Num->lsign == NUM_LSIGN_PRE)
(gdb) l
4414 (Np->num_curr >= Np->out_pre_spaces || (IS_ZERO(Np->Num) && Np->Num->zero_start == Np->num_curr)) &&
4415 (IS_PREDEC_SPACE(Np) == FALSE || (Np->last_relevant && *Np->last_relevant == '.')))
4416 {
4417 if (IS_LSIGN(Np->Num))
4418 {
4419 if (Np->Num->lsign == NUM_LSIGN_PRE)
4420 {
4421 if (Np->sign == '-')
4422 strcpy(Np->inout_p, Np->L_negative_sign);
4423 else
(gdb)

Assembly snippet attached as "original-9.4.12-snippet.s" from file generated with:

gcc -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing -fwrapv -fexcess-precision=standard -g -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -I/usr/include/mit-krb5 -DLINUX_OOM_SCORE_ADJ=0 -I../../../../src/include -I/home/turelto/src/original/postgresql-9.4-9.4.12/build/../src/include -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/include/tcl8.5 -S /home/turelto/src/original/postgresql-9.4-9.4.12/build/../src/backend/utils/adt/formatting.c

Patched pgdg 9.4.12 passes all tests.

Applied patch attached as "patch" (reverts commit 20f870f):

Index: postgresql-9.4-9.4.12/src/backend/utils/adt/formatting.c
===================================================================
--- postgresql-9.4-9.4.12.orig/src/backend/utils/adt/formatting.c 2017-05-08 23:19:04.000000000 +0200
+++ postgresql-9.4-9.4.12/src/backend/utils/adt/formatting.c 2017-06-22 09:20:17.000000000 +0200
@@ -4173,12 +4173,12 @@
(id == NUM_0 || id == NUM_9) ? "NUM_0/9" : id == NUM_DEC ? "NUM_DEC" : "???");
#endif

+ if (*Np->inout_p == ' ')
+ Np->inout_p++;
+
#define OVERLOAD_TEST (Np->inout_p >= Np->inout + input_len)
#define AMOUNT_TEST(_s) (input_len-(Np->inout_p-Np->inout) >= _s)

- if (OVERLOAD_TEST)
- return;
-
if (*Np->inout_p == ' ')
Np->inout_p++;

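Review bot: dropping `if (OVERLOAD_TEST) return;` removes the only check that `Np->inout_p` is still below `Np->inout + input_len` before `*Np->inout_p` is dereferenced, and the revert leaves two identical `if (*Np->inout_p == ' ') Np->inout_p++;` statements, one above and one below the macro definitions, so the space skip runs twice. That is acceptable for a bisection step, but this hunk must not be carried forward as the fix: keep the OVERLOAD_TEST guard and treat the disappearance of the signal 10 at formatting.c:4419 as a symptom moved, not removed.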
@@ -4316,7 +4316,7 @@
* next char is not digit
*/
if (IS_LSIGN(Np->Num) && isread &&
- (Np->inout_p + 1) < Np->inout + input_len &&
+ (Np->inout_p + 1) <= Np->inout + input_len &&
!isdigit((unsigned char) *(Np->inout_p + 1)))
{
int x;

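Review bot: loosening `<` to `<=` allows the following `isdigit((unsigned char) *(Np->inout_p + 1))` to read the byte at exactly `Np->inout + input_len`, one past the last input byte, so the `<` condition in the pre-revert code is the correct bound and the reverted line reintroduces a one-byte over-read. Because the change only permits reading more, not less, a crash that vanishes with it is being masked rather than fixed; the bound should stay `<` while the real cause of the bus error is tracked down.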
Assembly snippet attached as "patched-9.4.12-snippet.s" from file generated with:

gcc -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing -fwrapv -fexcess-precision=standard -g -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -I/usr/include/mit-krb5 -DLINUX_OOM_SCORE_ADJ=0 -I../../../../src/include -I/home/turelto/src/tmp/postgresql-9.4-9.4.12/build/../src/include -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -I/usr/include/libxml2 -I/usr/include/tcl8.5 -S /home/turelto/src/tmp/postgresql-9.4-9.4.12/build/../src/backend/utils/adt/formatting.c

The line number where the crash is being reported before patching (4419) doesn't change after patching, and occurs in only one ".loc" annotation, before and after patching.

I will try to do the same for the issue from last year, replying to that thread.

Best regards,
Tom Turelinckx

Attachment Content-Type Size
original-9.4.12-snippet.s application/octet-stream 2.8 KB
patch application/octet-stream 970 bytes
patched-9.4.12-snippet.s application/octet-stream 3.0 KB
