Re: Postgresql 8.3 beta crash
| От | Tom Lane |
|---|---|
| Тема | Re: Postgresql 8.3 beta crash |
| Дата | |
| Msg-id | 23027.1193874092@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Postgresql 8.3 beta crash (Heikki Linnakangas <heikki@enterprisedb.com>) |
| Ответы |
Re: Postgresql 8.3 beta crash
Re: Postgresql 8.3 beta crash |
| Список | pgsql-hackers |
Heikki Linnakangas <heikki@enterprisedb.com> writes:
> So my current theory is:
> In xmlelement(), we use ExecEvalExpr(), which in turn calls xml_parse.
> xml_parse calls xmlCleanupParser(). But when we call ExecEvalExpr(),
> we're in the middle of constructing an xml buffer, so calling
> xmlCleanupBuffer() probably frees something we still need.
No, your first theory is closer to the mark. What is happening is that
xmlelement neglects to call xml_init, therefore the various stuff
allocated by libxml is allocated using malloc(). Then xml_parse is
called, and it *does* do xml_init(), which calls xmlMemSetup. Then
when we return to xmlelement and start freeing stuff, libxml tries
to use xml_pfree to free something it got from malloc().
I think that (1) we need a call to xml_init here, and hence also a
PG_TRY block; (2) there is a lot of stuff in xml_init that should be
one-time-only, why does it not have an "already done" flag?
regards, tom lane
В списке pgsql-hackers по дате отправления: