From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Shane Ambler <pgsql(at)007Marketing(dot)com> |
Cc: | pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: Strange pgsql crash on MacOSX |
Date: | 2006-12-28 18:23:36 |
Message-ID: | 21538.1167330216@sss.pgh.pa.us |
Lists: | pgsql-hackers |
Shane Ambler <pgsql(at)007Marketing(dot)com> writes:
> Tom Lane wrote:
>> Hm, so the question is: is it our bug or Apple's? If you kept the
>> busted history file, would you be willing to send me a copy?
> The zip file attached has the psql_history file that crashes when
> quitting but doesn't appear to contain the steps I did when it first
> crashed.
So the answer is: it's Apple's bug, or at least not ours. libedit
contains a typo that causes it to potentially fail when saving strings
exceeding 256 bytes. Check out this code (around line 730 in history.c):

    len = strlen(ev.str) * 4;
    if (len >= max_size) {
        char *nptr;
        max_size = (len + 1023) & 1023;
        nptr = h_realloc(ptr, max_size);

I think the intent of the max_size recalculation is to select the next
1K boundary larger than "len", but it actually produces a number *less*
than 1K. Probably "(len + 1023) & ~1023" was meant ... but even that
is wrong if len is exactly a multiple of 1024, because it will fail to
round up. So the buffer is realloc'd too small, and that results in
a potential memory clobber if the history entry is less than 1K, and a
guaranteed clobber if it's more.
The source code available from Apple shows that they got this code from
NetBSD originally
/* $NetBSD: history.c,v 1.25 2003/10/18 23:48:42 christos Exp $ */
so this may well be a pretty generic *BSD bug. Anyone clear on who to
report it to? I have no idea if libedit is an independent project...
regards, tom lane
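
The rounding arithmetic discussed in the message above, as an added example that is not part of the original email and is not libedit code: it compares the quoted expression, the `& ~1023` variant, and one assumed correction over a constructed range of lengths. All function names are hypothetical, and the range starts at 1024 on the assumption that the resize branch is taken for those lengths.

```c
#include <stddef.h>
#include <stdio.h>

typedef size_t (*round_fn)(size_t);

/* Expression as quoted in the message: masking with 1023 keeps only the
 * low 10 bits, so the result is always in 0..1023. */
static size_t size_as_shipped(size_t len) { return (len + 1023) & 1023; }

/* The "& ~1023" variant: rounds up to a 1K boundary, but returns len
 * unchanged when len is already a multiple of 1024. */
static size_t size_with_tilde(size_t len) { return (len + 1023) & ~(size_t)1023; }

/* Assumed correction (not taken from any libedit release): the next 1K
 * boundary strictly greater than len. */
static size_t size_strictly_above(size_t len) { return (len + 1024) & ~(size_t)1023; }

/* Count lengths in [lo, hi] for which the computed buffer size is not
 * strictly greater than len, i.e. the resized buffer would be too small
 * for len bytes plus a terminating NUL. */
static size_t count_undersized(round_fn f, size_t lo, size_t hi)
{
    size_t bad = 0;
    for (size_t len = lo; len <= hi; len++)
        if (f(len) <= len)
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sample: len = strlen * 4, as in the quoted code. */
    const size_t strlens[] = { 256, 257, 512, 1000 };
    printf("%8s %8s %10s %10s %10s\n", "strlen", "len", "shipped", "tilde", "above");
    for (size_t i = 0; i < sizeof strlens / sizeof strlens[0]; i++) {
        size_t len = strlens[i] * 4;
        printf("%8zu %8zu %10zu %10zu %10zu\n", strlens[i], len,
               size_as_shipped(len), size_with_tilde(len), size_strictly_above(len));
    }
    printf("undersized for len in 1024..8192: shipped=%zu tilde=%zu above=%zu\n",
           count_undersized(size_as_shipped, 1024, 8192),
           count_undersized(size_with_tilde, 1024, 8192),
           count_undersized(size_strictly_above, 1024, 8192));
    return 0;
}
```

A sweep like `count_undersized` is a cheap regression check for any size-rounding helper: the invariant is simply that the new capacity must exceed the length that triggered the resize.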