Segfault-Inc / Multicorn

Data Access Library
https://multicorn.org/
PostgreSQL License

Crash with PostgreSQL 9.5.1 #131

Closed ergo70 closed 8 years ago

ergo70 commented 8 years ago

After upgrading from PostgreSQL 9.5.0 to 9.5.1, multicorn 1.3.1 crashes with Signal 11 when you try to SELECT from a multicorn backed foreign table.

I cross checked with clean installations of PostgreSQL and multicorn from source on Ubuntu 14.04.03 LTS with gcc 4.8.5 and python 2.7.6.

9.5.0 works, 9.5.1 breaks.

guedes commented 8 years ago

I was investigating this yesterday but didn't post it here because of the security implications. The backtrace is:

Program received signal SIGSEGV, Segmentation fault.
0x00007f25b32311c0 in pg_detoast_datum ()
(gdb) bt
#0  0x00007f25b32311c0 in pg_detoast_datum ()
#1  0x00007f25b3071f93 in makeConst ()
#2  0x00007f25a2bb9625 in getColumnsFromTable ()
   from /usr/lib/postgresql/9.5/lib/multicorn.so
#3  0x00007f25a2bb9c25 in getCacheEntry ()
   from /usr/lib/postgresql/9.5/lib/multicorn.so
#4  0x00007f25a2bb9dd3 in getInstance ()
   from /usr/lib/postgresql/9.5/lib/multicorn.so
#5  0x00007f25a2bbe7e6 in ?? ()
   from /usr/lib/postgresql/9.5/lib/multicorn.so
#6  0x00007f25b3084d7e in ?? ()
#7  0x00007f25b3085b2a in make_one_rel ()
#8  0x00007f25b309f920 in query_planner ()
#9  0x00007f25b30a1820 in ?? ()
#10 0x00007f25b30a4dc7 in subquery_planner ()
#11 0x00007f25b30a50f4 in standard_planner ()
#12 0x00007f25b312af44 in pg_plan_query ()
#13 0x00007f25b312b034 in pg_plan_queries ()
#14 0x00007f25b312cc07 in PostgresMain ()
#15 0x00007f25b2ec6be1 in ?? ()
#16 0x00007f25b30d075e in PostmasterMain ()
#17 0x00007f25b2ec7d67 in main ()

This behavior came from the new treatment in makeConst from commit http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e80c85e4e8d9b7bd02ff5737f7a740487cee71d4 that introduces this in makefuncs.c:

diff --git a/src/backend/nodes/makefuncs.c b/src/backend/nodes/makefuncs.c
index 4be89f6..437abad 100644 (file)
--- a/src/backend/nodes/makefuncs.c
+++ b/src/backend/nodes/makefuncs.c
@@ -17,6 +17,7 @@

 #include "catalog/pg_class.h"
 #include "catalog/pg_type.h"
+#include "fmgr.h"
 #include "nodes/makefuncs.h"
 #include "nodes/nodeFuncs.h"
 #include "utils/lsyscache.h"
@@ -302,6 +303,14 @@ makeConst(Oid consttype,
 {
    Const      *cnst = makeNode(Const);

+   /*
+    * If it's a varlena value, force it to be in non-expanded (non-toasted)
+    * format; this avoids any possible dependency on external values and
+    * improves consistency of representation, which is important for equal().
+    */
+   if (!constisnull && constlen == -1)
+       constvalue = PointerGetDatum(PG_DETOAST_DATUM(constvalue));

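Review bot: the new PG_DETOAST_DATUM call at the end of this hunk dereferences constvalue whenever constlen == -1 and the value is not null, so makeConst stops being a pure node constructor and now reads through the Datum it is handed; any caller that passes a varlena-typed Datum that does not point at a valid varlena header will crash inside pg_detoast_datum, which is exactly frames #0 and #1 of the backtrace above. The comment explains why the detoasting is wanted but says nothing about the new requirement on callers; the header comment of makeConst should state that constvalue must be a readable, correctly formed varlena Datum when constlen is -1, so extension authors building Const nodes see the contract change. Consider also an Assert on the pointer before the detoast, e.g. `Assert(DatumGetPointer(constvalue) != NULL);`, so a bad Datum fails as a diagnosable assertion in debug builds rather than as a segfault in the planner.
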
I sent this output to security@postgresql.org yesterday, and received a confirmation that this is the cause and that the bug should be fixed in Multicorn.

rdunklau commented 8 years ago

Thank you, I didn't notice this issue until today.

This is fixed partly by https://github.com/Kozea/Multicorn/pull/132 and this commit: https://github.com/Kozea/Multicorn/commit/64ce596a85509bf366da203bc660bc697747abe2