Re: BUG #4793: Segmentation fault when doing vacuum analyze

On Tuesday 05 May 2009 17:16:03 Tom Lane wrote:
> "Dennis Noordsij" <dennis(dot)noordsij(at)helsinki(dot)fi> writes:
> > (gdb) bt
> > #0 0x00000000004eecf7 in compute_scalar_stats (stats=0x1abd878,
> > fetchfunc=0x4f0f30 <std_fetch_func>, samplerows=<value optimized
> > out>, totalrows=4154315)
> > at analyze.c:2321
> > #1 0x00000000004efbf5 in analyze_rel (relid=16484, vacstmt=0x1aaf140,
> > bstrategy=<value optimized out>, update_reltuples=1 '\001') at
> > analyze.c:433
>
> Hmm, that code hasn't changed in quite some time, so I doubt this is a
> new bug in 8.4. You'll need to either poke into it yourself, or supply
> a dump of the table to someone who can.
>
> regards, tom lane

As an update on the bug (sorry if this arrived twice):

for (i = 0; i < num_hist; i++)
{
int pos;

pos = (i * (nvals - 1)) / (num_hist - 1);
hist_values[i] = datumCopy(values[pos].value,
stats->attr->attbyval,
stats->attr->attlen);
}

What happens is that:

(gdb) print i
$17 = 1458
(gdb) print nvals
$18 = 1473527
(gdb) print num_hist
$19 = 5001
(gdb) print pos
$20 = -429313

(gdb) print samplerows
$22 = 1500000
(gdb) print values_cnt
$34 = 1500000

(gdb) print ndistinct
$35 = 904980
(gdb) print nmultiple
$36 = 435290
(gdb) print num_hist
$37 = 5001
(gdb) print dups_cnt
$38 = 0
(gdb) print slot_idx
$39 = 1

Without the overflow the result of
pos = (i * (nvals - 1)) / (num_hist - 1);
would be 429680, which would be a valid index into "values"

Cheers
Dennis