Discussion: to_tsquery stack overflow
Passing a query with enough nested parentheses in it causes a segfault. Attached is a handy little program to generate such a query; the actual query was too big to get through to the list.

The problem seems to be unbounded recursion in the makepol function that converts the input query from infix to polish notation. An easy fix would be to just add a level parameter to makepol that's incremented on each recursion, and throw an error if it grows bigger than some safe limit. There might be a similar problem in TS_execute as well, if you can somehow pass a complex enough TSQuery to the system, perhaps with a custom libpq client and tsqueryrecv.

-- 
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com

/* Generates a to_tsquery() call with n levels of nested parentheses:
 * SELECT to_tsquery('simple', '1|(2|(3|( ... end)))') */
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    int i;
    int n;

    /* Nesting depth: defaults to 10, or taken from the first argument. */
    if (argc == 1)
        n = 10;
    else
        n = atoi(argv[1]);

    printf("SELECT to_tsquery('simple', '");
    for (i = 0; i < n; i++)
        printf("%d|(", i + 1);      /* open one more level: "1|(", "2|(", ... */
    printf("end");
    for (i = 0; i < n; i++)
        printf(")");                /* close every level again */
    printf("')\n");
    return 0;
}
Heikki Linnakangas wrote:
> Passing a query with enough nested parentheses in it causes a segfault.
> Attached is a handy little program to generate such a query, the actual
> query was too big to get through to the list.
>
> The problem seems to be unbounded recursion in the makepol function that
> converts the input query from infix to polish notation. An easy fix
> would be to just add a level parameter to makepol that's incremented on
> each recursion, and throw an error if it grows bigger than some safe
> limit. There might be a similar problem in TS_execute as well, if you
> can somehow pass a complex enough TSQuery to the system, perhaps with a
> custom libpq client and tsqueryrecv.

Actually, the right way to fix that is of course to call check_stack_depth() in makepol and TS_execute.

-- 
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
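The recursion hazard and the depth guard discussed in the two messages above, as an added example that is not PostgreSQL's code: a toy recursive parser for the same nested "1|(2|(...))" query shape, where a fixed MAX_DEPTH stands in for check_stack_depth() and rejects over-deep input instead of letting the C stack overflow. MAX_DEPTH, parse_query and nested_query_status are names assumed for this demonstration.

```c
#include <stdio.h>
#include <ctype.h>
/* Added example, not PostgreSQL's makepol: a toy recursive parser that refuses
 * to recurse past MAX_DEPTH (an assumed limit standing in for check_stack_depth()). */
#define MAX_DEPTH 100
enum { PARSE_OK = 0, PARSE_TOO_DEEP = 1, PARSE_SYNTAX = 2 };
/* operand ('|' operand)*; an operand is a word or '(' sub-query ')'. The depth test is the check the thread says makepol lacked. */
static int parse_expr(const char **p, int depth, int *max_seen)
{
    if (depth > MAX_DEPTH) return PARSE_TOO_DEEP;
    if (depth > *max_seen) *max_seen = depth;
    for (;;) {
        if (**p == '(') {                       /* '(' sub-query ')' one level deeper */
            (*p)++;
            int st = parse_expr(p, depth + 1, max_seen);
            if (st != PARSE_OK) return st;
            if (*(*p)++ != ')') return PARSE_SYNTAX;
        } else {                                /* a plain word */
            if (!isalnum((unsigned char)**p)) return PARSE_SYNTAX;
            while (isalnum((unsigned char)**p)) (*p)++;
        }
        if (**p != '|') return PARSE_OK;
        (*p)++;
    }
}
/* Parse a whole query; *max_depth (may be NULL) receives the deepest nesting reached. */
int parse_query(const char *q, int *max_depth)
{
    int seen = 0, st = parse_expr(&q, 0, &seen);
    if (max_depth) *max_depth = seen;
    return (st == PARSE_OK && *q != '\0') ? PARSE_SYNTAX : st;
}
/* Build the "1|(2|(...end)...)" query of Heikki's generator, n levels deep, and parse it. */
int nested_query_status(int n, int *max_depth)
{
    static char buf[16384];                     /* shared buffer: demo only, not thread-safe */
    size_t len = 0;
    for (int i = 0; i < n && len + 16 < sizeof buf; i++)
        len += (size_t)snprintf(buf + len, sizeof buf - len, "%d|(", i + 1);
    len += (size_t)snprintf(buf + len, sizeof buf - len, "end");
    while (n-- > 0 && len + 1 < sizeof buf) buf[len++] = ')';
    buf[len] = '\0';
    return parse_query(buf, max_depth);
}
int main(void)
{
    int d, st = nested_query_status(1000, &d);
    printf("n=1000: status %d (1 = too deep, rejected cleanly), depth reached %d\n", st, d);
    return 0;
}
```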
"Heikki Linnakangas" <heikki@enterprisedb.com> writes:
> The problem seems to be unbounded recursion in the makepol function that
> converts the input query from infix to polish notation. An easy fix
> would be to just add a level parameter to makepol that's incremented on
> each recursion, and throw an error if it grows bigger than some safe
> limit.

check_stack_depth() seems the correct fix.

regards, tom lane
"Heikki Linnakangas" <heikki@enterprisedb.com> writes:
> Actually, the right way to fix that is of course to call
> check_stack_depth() in makepol and TS_execute.

Done. That is, I did it in HEAD's integrated tsearch code. I suppose the same hazard exists in all back-branch contrib/tsearch2 versions ... how excited are we about fixing those?

regards, tom lane