to_tsquery stack overflow

Started by Heikki Linnakangas over 18 years ago, 4 messages, list: bugs

#1 Heikki Linnakangas
heikki.linnakangas@enterprisedb.com

Passing a query with enough nested parentheses in it causes a segfault.
Attached is a handy little program to generate such a query, the actual
query was too big to get through to the list.

The problem seems to be unbounded recursion in the makepol function that
converts the input query from infix to Polish notation. An easy fix
would be to just add a level parameter to makepol that's incremented on
each recursion, and throw an error if it grows bigger than some safe
limit. There might be a similar problem in TS_execute as well, if you
can somehow pass a complex enough TSQuery to the system, perhaps with a
custom libpq client and tsqueryrecv.

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com

Attachments:

bigtsquery.c (text/x-csrc)

#2 Heikki Linnakangas
heikki.linnakangas@enterprisedb.com
In reply to: Heikki Linnakangas (#1)
Re: to_tsquery stack overflow

Heikki Linnakangas wrote:

> Passing a query with enough nested parentheses in it causes a segfault.
> Attached is a handy little program to generate such a query, the actual
> query was too big to get through to the list.
>
> The problem seems to be unbounded recursion in the makepol function that
> converts the input query from infix to Polish notation. An easy fix
> would be to just add a level parameter to makepol that's incremented on
> each recursion, and throw an error if it grows bigger than some safe
> limit. There might be a similar problem in TS_execute as well, if you
> can somehow pass a complex enough TSQuery to the system, perhaps with a
> custom libpq client and tsqueryrecv.

Actually, the right way to fix that is of course to call
check_stack_depth() in makepol and TS_execute.

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
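The depth-guarded infix-to-Polish conversion the two messages above describe, as an added illustration in C. This is not PostgreSQL's makepol, TS_execute or the bigtsquery.c attachment from message #1: check_depth() is a hypothetical stand-in for check_stack_depth(), and MAX_DEPTH, the tiny grammar (words, `&`, `|`, parentheses), the status codes and nested_status() are assumptions of this example. The point it shows is the one the thread makes: a recursive parser that only ever descends at an opening parenthesis must bound that descent, so that a pathologically nested input produces an error result instead of exhausting the stack.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 32   /* assumed safe nesting limit for this demo */
#define OUT_CAP   1024 /* assumed per-level output buffer size */

enum tq_status { TQ_OK = 0, TQ_ERR_SYNTAX, TQ_ERR_TOO_DEEP, TQ_ERR_TOO_LONG };

struct parser {
    const char *src;     /* infix input, e.g. "a & (b | c)" */
    size_t pos;          /* read position in src */
    int depth;           /* current parenthesis nesting */
    enum tq_status err;  /* first error seen, TQ_OK if none */
};

static void skip_ws(struct parser *p) { while (isspace((unsigned char)p->src[p->pos])) p->pos++; }

/* Hypothetical stand-in for check_stack_depth(): counts nesting levels instead
 * of measuring the C stack, turning runaway recursion into an error result. */
static int check_depth(struct parser *p) {
    if (p->depth > MAX_DEPTH) { p->err = TQ_ERR_TOO_DEEP; return 0; }
    return 1;
}

static void parse_expr(struct parser *p, char *out, size_t cap);

/* term := WORD | '(' expr ')' ; the only place the recursion nests */
static void parse_term(struct parser *p, char *out, size_t cap) {
    skip_ws(p);
    if (p->src[p->pos] == '(') {
        p->pos++;
        p->depth++;
        if (!check_depth(p)) return;      /* refuse before recursing deeper */
        parse_expr(p, out, cap);
        p->depth--;
        if (p->err) return;
        skip_ws(p);
        if (p->src[p->pos] != ')') { p->err = TQ_ERR_SYNTAX; return; }
        p->pos++;
        return;
    }
    size_t start = p->pos;
    while (isalnum((unsigned char)p->src[p->pos])) p->pos++;
    size_t n = p->pos - start;
    if (n == 0) { p->err = TQ_ERR_SYNTAX; return; }
    if (n + 1 > cap) { p->err = TQ_ERR_TOO_LONG; return; }
    memcpy(out, p->src + start, n);
    out[n] = '\0';
}

/* expr := term (('&' | '|') term)* ; left-associative, written in Polish
 * (prefix) form as "op left right" */
static void parse_expr(struct parser *p, char *out, size_t cap) {
    char left[OUT_CAP], right[OUT_CAP], combined[OUT_CAP];
    parse_term(p, left, sizeof left);
    if (p->err) return;
    for (;;) {
        skip_ws(p);
        char op = p->src[p->pos];
        if (op != '&' && op != '|') break;
        p->pos++;
        parse_term(p, right, sizeof right);
        if (p->err) return;
        int n = snprintf(combined, sizeof combined, "%c %s %s", op, left, right);
        if (n < 0 || (size_t)n >= sizeof combined) { p->err = TQ_ERR_TOO_LONG; return; }
        memcpy(left, combined, (size_t)n + 1);
    }
    if (strlen(left) + 1 > cap) { p->err = TQ_ERR_TOO_LONG; return; }
    strcpy(out, left);
}

/* Convert an infix query to Polish notation; out is "" on any error. */
static enum tq_status to_polish(const char *infix, char *out, size_t cap) {
    struct parser p = { infix, 0, 0, TQ_OK };
    out[0] = '\0';
    parse_expr(&p, out, cap);
    if (p.err == TQ_OK) { skip_ws(&p); if (p.src[p.pos] != '\0') p.err = TQ_ERR_SYNTAX; }
    if (p.err != TQ_OK) out[0] = '\0';
    return p.err;
}

/* Status-only wrapper, and a text wrapper using a static buffer. */
static enum tq_status polish_status(const char *infix) { char o[OUT_CAP]; return to_polish(infix, o, sizeof o); }
static const char *polish_text(const char *infix) { static char o[OUT_CAP]; to_polish(infix, o, sizeof o); return o; }

/* Constructed input "(((w)))" with the given nesting: the shape of query the
 * thread's attachment generates, built here for the demo (not that attachment). */
static enum tq_status nested_status(int levels) {
    static char q[8192];
    if (levels < 0 || (size_t)(2 * levels + 2) > sizeof q) return TQ_ERR_TOO_LONG;
    memset(q, '(', (size_t)levels);
    q[levels] = 'w';
    memset(q + levels + 1, ')', (size_t)levels);
    q[2 * levels + 1] = '\0';
    return polish_status(q);
}

int main(void) {
    printf("%s\n", polish_text("a & (b | c)"));                /* & a | b c */
    printf("%d %d\n", nested_status(10), nested_status(1000)); /* 0 2 */
    return 0;
}
```

A counter like check_depth() only works when every recursive path passes through it, which is why the guard sits at the one grammar rule that nests; the real check_stack_depth() in PostgreSQL instead compares the address of a local variable against the recorded stack base and the max_stack_depth setting, so it protects any recursive routine that calls it regardless of how the recursion is shaped, which is why the thread settles on it for both makepol and TS_execute.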

#3 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Heikki Linnakangas (#1)
Re: to_tsquery stack overflow

"Heikki Linnakangas" <heikki@enterprisedb.com> writes:

> The problem seems to be unbounded recursion in the makepol function that
> converts the input query from infix to Polish notation. An easy fix
> would be to just add a level parameter to makepol that's incremented on
> each recursion, and throw an error if it grows bigger than some safe
> limit.

check_stack_depth() seems the correct fix.

regards, tom lane

#4 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Heikki Linnakangas (#2)
Re: to_tsquery stack overflow

"Heikki Linnakangas" <heikki@enterprisedb.com> writes:

> Actually, the right way to fix that is of course to call
> check_stack_depth() in makepol and TS_execute.

Done.

That is, I did it in HEAD's integrated tsearch code. I suppose the same
hazard exists in all back-branch contrib/tsearch2 versions ... how
excited are we about fixing those?

regards, tom lane