Participants
Alvaro Herrera
Alvaro Herrera
Tom Lane
Tom Lane
Michael Paquier
Michael Paquier
Attachments
Download Latest Patchset
+16-4
Show all attachments
Thread Outline
#1Alvaro HerreraAlvaro Herrera
Feb 18, 2019
#2Tom LaneTom Laneto Alvaro Herrera (#1)
Feb 18, 2019
#3Michael PaquierMichael Paquierto Tom Lane (#2)
Feb 19, 2019
#4Alvaro HerreraAlvaro Herrerato Michael Paquier (#3)
Feb 20, 2019

crash in pg_identify_object_as_address

Started by Alvaro Herreraabout 7 years ago4 messageshackers
Jump to latest
#1Alvaro Herrera
Alvaro Herrera
alvherre@2ndquadrant.com

Hello

I just came across a crash while debugging some corrupted system
catalogs; pg_identify_object_as_address fails to cope with some NULL
input, causing a crash. Attached patch fixes it. Naturally, the output
array will contain NULL members in the output, but that's better than
crashing ...

(The first hunk is purely speculative; I haven't seen anything that
requires that. The actual fix is in the other hunks. But seems better
to be defensive.)

The crash can be reproduced thusly

create function f() returns int language plpgsql as $$ begin return 1; end; $$;
update pg_proc set pronamespace = 9999 where proname = 'f' returning oid \gset
select * from pg_identify_object_as_address('pg_proc'::regclass, :oid, 0);

After the patch, the last line returns:

type | object_names | object_args
----------+--------------+-------------
function | {NULL,f} | {}

where the NULL obviously corresponds to the bogus pg_namespace OID being
referenced.

The patch is on 9.6. I checked 10 and it applies fine there. My
intention is to apply to all branches since 9.5.

--
�lvaro Herrera PostgreSQL Expert, https://www.2ndQuadrant.com/

Attachments:

pg_identify_object_as_address-crash.patchtext/x-diff; charset=us-asciiDownload+16-4
#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Alvaro Herrera (#1)
Re: crash in pg_identify_object_as_address

Alvaro Herrera <alvherre@2ndquadrant.com> writes:

I just came across a crash while debugging some corrupted system
catalogs; pg_identify_object_as_address fails to cope with some NULL
input, causing a crash. Attached patch fixes it. Naturally, the output
array will contain NULL members in the output, but that's better than
crashing ...

Hm, does this overlap with Paquier's much-delayed patch in
https://commitfest.postgresql.org/22/1947/
?

regards, tom lane

#3Michael Paquier
Michael Paquier
michael@paquier.xyz
In reply to: Tom Lane (#2)
Re: crash in pg_identify_object_as_address

On Mon, Feb 18, 2019 at 05:13:27PM -0500, Tom Lane wrote:

Hm, does this overlap with Paquier's much-delayed patch in
https://commitfest.postgresql.org/22/1947/

It partially overlaps, still my patch set would crash as well in that
case. Treating object_names the same way as object_args sounds good
to me, as well as making strlist_to_textarray smarter to treat NULL
inputs.
--
Michael

#4Alvaro Herrera
Alvaro Herrera
alvherre@2ndquadrant.com
In reply to: Michael Paquier (#3)
Re: crash in pg_identify_object_as_address

Pushed, thanks.

--
�lvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

← Back to Topics