Bug in backend/lib/stringinfo.c:enlargeStringInfo()
From | Nick Wellnhofer |
---|---|
Subject | Bug in backend/lib/stringinfo.c:enlargeStringInfo() |
Date | |
Msg-id | 40A0ED4E.8000706@aevum.de |
Responses | Re: Bug in backend/lib/stringinfo.c:enlargeStringInfo() |
List | pgsql-bugs |
Hi,

for some time a postgres process on one of our web servers repeatedly gets into an infinite loop. This happens very rarely, about once a week. Today I installed gdb on the server to trace down the problem. I found out that the process was looping in enlargeStringInfo() in backend/lib/stringinfo.c. The call trace was

    #0  0x0810e490 in enlargeStringInfo ()
    #1  0x081138e4 in pq_getmessage ()
    #2  0x0816561b in SocketBackend ()
    #3  0x081657bb in ReadCommand ()
    #4  0x08167a5e in PostgresMain ()
    #5  0x08144353 in BackendFork ()
    #6  0x08143d33 in BackendStartup ()
    #7  0x08142516 in ServerLoop ()
    #8  0x08142057 in PostmasterMain ()
    #9  0x08114a4d in main ()
    #10 0x400e8857 in __libc_start_main () from /lib/libc.so.6

The "needed" argument to enlargeStringInfo was 0x5454502b, apparently caused by another bug, which I have yet to find. So the following loop never stops

    while (needed > newlen)
        newlen = 2 * newlen;

because needed and newlen are compared as signed integers. (If "newlen" has grown to 0x40000000 it's still smaller than "needed". Multiplying by 2 overflows and yields 0x80000000, which is negative, thus still smaller than "needed". Multiplying by 2 again yields 0, ...)

The numbers should be compared as unsigned ints. Or the maximum string length should be restricted.

On the other hand I wonder if it's desired to even try the following memory allocation of at least a GB of RAM. The pq_getmessage() that called enlargeStringInfo() has a "maxlen" argument of 0, that seems to mean unlimited.

The real cause of the problem seems to be a frontend/backend communication problem. The "needed" argument 0x5454502b comes from a 4-byte length field whose string content is 'TTP/'. Looks like a part of an HTTP request to me.

I'm using Apache/mod_perl/DBI to access Postgres. Can I log the frontend/backend communication somehow?

Nick Wellnhofer

--
aevum gmbh
leopoldstr. 87
80802 münchen
germany

fon: +4989 38380653
fax: +4989 38799384
wellnhofer@aevum.de
http://aevum.de/
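The loop behaviour described in the message above, as an added example that is not part of the original post and is not PostgreSQL's code: a model of the signed doubling loop (32-bit wraparound simulated explicitly, so the program itself has no undefined behaviour) next to a bounded variant along the lines of the "restrict the maximum string length" suggestion. The function names, the cap `EXAMPLE_MAX_LEN` and the starting size 1024 are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cap for this example (not taken from the post). */
#define EXAMPLE_MAX_LEN ((size_t)0x3fffffff)

/* Reinterpret a 32-bit pattern as a signed value without relying on UB. */
static int32_t as_signed32(uint32_t u) {
    return u < 0x80000000u ? (int32_t)u : (int32_t)((int64_t)u - 4294967296LL);
}

/* Model of the reported loop: signed comparison, doubling wraps at 32 bits.
 * Returns the number of doublings before the loop exits, or -1 if it is
 * still running after max_steps iterations. */
int signed_loop_steps(int32_t needed, int32_t newlen, int max_steps) {
    uint32_t bits = (uint32_t)newlen;
    for (int steps = 0; steps < max_steps; steps++) {
        if (!(needed > as_signed32(bits)))
            return steps;
        bits *= 2u;   /* ... 0x40000000 -> 0x80000000 -> 0 -> 0 -> ... */
    }
    return -1;
}

/* Bounded variant: refuse lengths above the cap before looping and clamp
 * the doubling so it cannot wrap. Returns 0 and stores the new size in
 * *out, or -1 if the request is refused. */
int bounded_newlen(size_t needed, size_t cur, size_t *out) {
    if (cur == 0 || needed > EXAMPLE_MAX_LEN)
        return -1;
    size_t newlen = cur;
    while (needed > newlen) {
        if (newlen > EXAMPLE_MAX_LEN / 2) { newlen = EXAMPLE_MAX_LEN; break; }
        newlen *= 2;
    }
    *out = newlen;
    return 0;
}

int main(void) {
    size_t out = 0;
    /* 0x5454502b is the value from the post; 1024 is a constructed start size. */
    printf("signed loop: %d\n", signed_loop_steps(0x5454502b, 1024, 1000));
    printf("bounded: %d\n", bounded_newlen((size_t)0x5454502b, 1024, &out));
    return 0;
}
```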