| From: | James Coleman <jtc331(at)gmail(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | dhyan(at)nataraj(dot)su, pgsql-hackers(at)lists(dot)postgresql(dot)org, Teodor Sigaev <teodor(at)sigaev(dot)ru>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pageinspect: add tuple_data_record() |
| Date: | 2018-10-17 21:02:20 |
| Message-ID: | CAAaqYe9AD8uiioe1i8k_133sAX_2f+4_5UmJ=YqRH92vYNwX7A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> There's plenty ways it can go horribly wrong. Let's start with something
> simple:
>
> BEGIN;
> ALTER TABLE ... ADD COLUMN blarg INT;
> INSERT ... (blag) VALUES (132467890);
> ROLLBACK;
>
> ALTER TABLE ... ADD COLUMN blarg TEXT;
>
> If you now read the table with your function you'll see a dead row that
> will re-interpret a int datum as a text datum. Which in all likelyhood
> will crash the server.
>
That particular case gives this result:
ERROR: number of attributes in tuple header is greater than number of
attributes in tuple descriptor
Some more extended monkeying with adding/dropping columns repeatedly
gave this result:
ERROR: unexpected end of tuple data
That error (unexpected end of tuple data) should (at least in the non-TOAST
case)
prevent the bug of reading beyond the raw tuple data in memory, which would
be
the easiest way I could imagine to cause a serious problem.
Is there a case that could crash outside of a non-primitive type that has
unsafe
data reading code?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2018-10-17 21:08:40 | Re: pageinspect: add tuple_data_record() |
| Previous Message | Thomas Munro | 2018-10-17 20:43:14 | Re: DSM robustness failure (was Re: Peripatus/failures) |