| From: | Bo Ørsted Andresen <boa(at)neogrid(dot)dk> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #14180: Segmentation fault on replication slave |
| Date: | 2016-06-07 18:55:11 |
| Message-ID: | VI1PR04MB14884ECAD7862BCA59A7A8A5CB5D0@VI1PR04MB1488.eurprd04.prod.outlook.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
> On 2016-06-07 20:08, Tom Lane wrote:
> I think the reason for the lack of useful backtrace info is that we've smashed
> the stack. Note that the original report shows i == 3324 which is much larger
> than the available length of the local items[] array (408).
> So presumably, the passed-in "len" was bogus (much too large).
>
> If you're prepared to build a custom version of Postgres, you could try adding
> this to _bt_restore_page():
>
> /* Need to copy tuple header due to alignment
> considerations */
> memcpy(&itupdata, from, sizeof(IndexTupleData));
> itemsz = IndexTupleDSize(itupdata);
> itemsz = MAXALIGN(itemsz);
>
> + if (i >= lengthof(items))
> + elog(PANIC, "too many items on btree page");
> +
> items[i] = (Item) from;
> itemsizes[i] = itemsz;
> i++;
>
> from += itemsz;
>
> and then you should get a core dump before the stack is clobbered.
>
> I wonder whether we shouldn't add such a check to the regular sources...
Will give it a shot tomorrow.
Regards,
Bo Ørsted Andresen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | worden.eric | 2016-06-07 22:05:20 | BUG #14181: pg_upgrade: operator family "btree_hstore_ops" does not exist |
| Previous Message | Bo Ørsted Andresen | 2016-06-07 18:20:22 | Re: BUG #14180: Segmentation fault on replication slave |