augmen / rpostgresql

Automatically exported from code.google.com/p/rpostgresql

Buffer overflow #11

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. prepare table like that:

    Column    |       Type       | Modifiers 
--------------+------------------+-----------
 zwr          | double precision | 
 var          | double precision | 
 typ          | bigint           | 
 nrsym        | bigint           | 
 variable     | text             | 
 value        | double precision | 
 value2       | double precision | 
The structure of table in PostgreSQL has been automatically obtained using
structure of data.frame.

2. Using dbWriteTable insert into it about 8000 records once of data in a
loop, process it using SQL command and purge content of table. This loop
iterates 100 times. The problem occurs at about 40-50 iteration. In the
loop, there are some other updates of other tables.

3. Structure of data is like that:
>class(hh1)
[1] "data.frame"
>head(hh1)
          zwr          var typ nrsym variable      value value2
1 0.001952104 0.0004735093   1     1    15942 0.18993642     20
2 0.004668214 0.0008133745   2     1    15942 0.34396592     20
3 0.003748000 0.0005804836   3     1    15942 0.36278915     20
4 0.001952104 0.0004735093   1     1    15951 0.07493939     20
5 0.004668214 0.0008133745   2     1    15951 0.41027399     20
6 0.003748000 0.0005804836   3     1    15951 0.07603849     20

The structure of table in PostgreSQL has been automatically obtained using
this structure of data.frame.

What is the expected output? What do you see instead?

*** buffer overflow detected ***: /usr/lib64/R/bin/exec/R terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f0e4db435f7]
/lib/libc.so.6[0x7f0e4db425a0]
/lib/libc.so.6[0x7f0e4db41a09]
/lib/libc.so.6(_IO_default_xsputn+0x98)[0x7f0e4dac0448]
/lib/libc.so.6(_IO_vfprintf+0x3972)[0x7f0e4da94712]
/lib/libc.so.6(__vsprintf_chk+0x99)[0x7f0e4db41aa9]
/lib/libc.so.6(__sprintf_chk+0x7f)[0x7f0e4db419ef]
/usr/local/lib/R/site-library/RPostgreSQL/libs/RPostgreSQL.so(RS_PostgreSQL_exec+0xff)[0x7f0e4b50e0ef]
/usr/lib64/R/lib/libR.so[0x7f0e4e0a6618]
/usr/lib64/R/lib/libR.so(Rf_eval+0x696)[0x7f0e4e0d9a36]
/usr/lib64/R/lib/libR.so[0x7f0e4e0db840]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
/usr/lib64/R/lib/libR.so[0x7f0e4e0db8cc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
/usr/lib64/R/lib/libR.so(Rf_applyClosure+0x2e2)[0x7f0e4e0dcff2]
/usr/lib64/R/lib/libR.so(Rf_eval+0x394)[0x7f0e4e0d9734]
/usr/lib64/R/lib/libR.so[0x7f0e4e0dc8a4]
/usr/lib64/R/lib/libR.so(R_execMethod+0x238)[0x7f0e4e0dcc18]
/usr/lib64/R/library/methods/libs/methods.so[0x7f0e4bcfcac5]
/usr/lib64/R/lib/libR.so[0x7f0e4e11b0b9]
/usr/lib64/R/lib/libR.so(Rf_eval+0x5bd)[0x7f0e4e0d995d]
/usr/lib64/R/lib/libR.so[0x7f0e4e0d9b87]
/usr/lib64/R/lib/libR.so(Rf_eval+0x23c)[0x7f0e4e0d95dc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x613)[0x7f0e4e0d99b3]
/usr/lib64/R/lib/libR.so[0x7f0e4e0d9b87]
/usr/lib64/R/lib/libR.so(Rf_eval+0x23c)[0x7f0e4e0d95dc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x613)[0x7f0e4e0d99b3]
/usr/lib64/R/lib/libR.so[0x7f0e4e0daba4]
/usr/lib64/R/lib/libR.so(Rf_eval+0x55b)[0x7f0e4e0d98fb]
/usr/lib64/R/lib/libR.so[0x7f0e4e0db840]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
/usr/lib64/R/lib/libR.so[0x7f0e4e0db8cc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
/usr/lib64/R/lib/libR.so(Rf_applyClosure+0x2e2)[0x7f0e4e0dcff2]
/usr/lib64/R/lib/libR.so(Rf_eval+0x394)[0x7f0e4e0d9734]
/usr/lib64/R/lib/libR.so[0x7f0e4e0dc3f3]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
/usr/lib64/R/lib/libR.so[0x7f0e4e0dbd96]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
/usr/lib64/R/lib/libR.so[0x7f0e4e0db8cc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
/usr/lib64/R/lib/libR.so[0x7f0e4e0db8cc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
/usr/lib64/R/lib/libR.so(Rf_applyClosure+0x2e2)[0x7f0e4e0dcff2]
/usr/lib64/R/lib/libR.so(Rf_eval+0x394)[0x7f0e4e0d9734]
/usr/lib64/R/lib/libR.so(Rf_applyClosure+0x2e2)[0x7f0e4e0dcff2]
/usr/lib64/R/lib/libR.so(Rf_eval+0x394)[0x7f0e4e0d9734]
/usr/lib64/R/lib/libR.so[0x7f0e4e0d9b87]
/usr/lib64/R/lib/libR.so(Rf_eval+0x23c)[0x7f0e4e0d95dc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x613)[0x7f0e4e0d99b3]
/usr/lib64/R/lib/libR.so[0x7f0e4e0d9b87]
/usr/lib64/R/lib/libR.so(Rf_eval+0x23c)[0x7f0e4e0d95dc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x613)[0x7f0e4e0d99b3]
/usr/lib64/R/lib/libR.so[0x7f0e4e0d9b87]
/usr/lib64/R/lib/libR.so(Rf_eval+0x23c)[0x7f0e4e0d95dc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x613)[0x7f0e4e0d99b3]
/usr/lib64/R/lib/libR.so[0x7f0e4e0d9b87]
/usr/lib64/R/lib/libR.so(Rf_eval+0x23c)[0x7f0e4e0d95dc]
/usr/lib64/R/lib/libR.so(Rf_eval+0x613)[0x7f0e4e0d99b3]
/usr/lib64/R/lib/libR.so[0x7f0e4e0da74d]
/usr/lib64/R/lib/libR.so[0x7f0e4e0da972]
/usr/lib64/R/lib/libR.so(Rf_eval+0x4a0)[0x7f0e4e0d9840]
Aborted

What version of the product are you using? On what operating system?

Ubuntu 9.10 Karmic, PostgreSQL 8.4, R version 2.9.2 (2009-08-24),
RPostgreSQL 0.1-6

Please provide any additional information below.
When I comment all lines with DB-functions in my script, it goes nicely to
the very end.

Original issue reported on code.google.com by sutkowsk...@gmail.com on 12 Nov 2009 at 1:57

GoogleCodeExporter commented 9 years ago
Changing "variable" column type from 'text' to 'integer' did not solve the problem.

I also changed the script to write data once at end of R process (not partially as
previous) and in PostgreSQL logs, there are two strange lines:

2009-11-13 01:16:06 CET ERROR:  invalid input syntax for type double precision: "Error in `$<-.data.frame`(`*tmp*`, "typ", value = c(1L, 0L)) : "
2009-11-13 01:16:06 CET CONTEXT:  COPY tmp_tablename, line 319201, column zwr: "Error in `$<-.data.frame`(`*tmp*`, "typ", value = c(1L, 0L)) : "

Original comment by sutkowsk...@gmail.com on 13 Nov 2009 at 8:17

GoogleCodeExporter commented 9 years ago
Michal, Can you provide a simple R program to demonstrate this problem?

Original comment by ne...@neiltiffin.com on 12 Sep 2010 at 4:46

GoogleCodeExporter commented 9 years ago
Close as this is not reproducible and many potential buffer overflows have been
removed after this report anyway.

Original comment by tomoa...@kenroku.kanazawa-u.ac.jp on 24 Sep 2011 at 10:53
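
Added example, not RPostgreSQL code and not part of the original thread: the backtrace in the report aborts in __sprintf_chk called from RS_PostgreSQL_exec, which is glibc's fortified sprintf refusing to write past its destination buffer. The sketch below shows that bug class next to two bounded replacements; the function names, the 64-byte buffer and the "query failed" format are assumptions, and the sample message is constructed from the PostgreSQL log line quoted in the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERR_BUF_LEN 64            /* assumed fixed buffer size for the demo */
#define FMT "query failed: %s"    /* assumed message format */

/* Constructed sample, built from the server log line quoted in the thread. */
static const char SAMPLE_ERR[] =
    "invalid input syntax for type double precision: "
    "\"Error in `$<-.data.frame`(`*tmp*`, \"typ\", value = c(1L, 0L)) : \"";

/* Bug class: sprintf has no idea how large buf is, so a long msg runs past
 * the end. Defined for comparison only, never called in this example. */
void format_unsafe(char *buf, const char *msg) {
    sprintf(buf, FMT, msg);
}

/* Bounded: writes at most len bytes including the terminator.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int format_bounded(char *buf, size_t len, const char *msg) {
    int n = snprintf(buf, len, FMT, msg);
    if (n < 0) return -1;
    return (size_t)n >= len ? 1 : 0;
}

/* Sized to fit: measure with a NULL destination, then allocate exactly.
 * Returns NULL on failure; the caller frees the result. */
char *format_alloc(const char *msg) {
    int n = snprintf(NULL, 0, FMT, msg);
    if (n < 0) return NULL;
    char *out = malloc((size_t)n + 1);
    if (out != NULL) snprintf(out, (size_t)n + 1, FMT, msg);
    return out;
}

int main(void) {
    char buf[ERR_BUF_LEN];
    int truncated = format_bounded(buf, sizeof buf, SAMPLE_ERR);
    printf("bounded (truncated=%d): %s\n", truncated, buf);

    char *full = format_alloc(SAMPLE_ERR);
    if (full != NULL) {
        printf("allocated: %s\n", full);
        free(full);
    }
    return 0;
}
```

Checking the truncation return value matters as much as the bound itself: a silently cut-off error message hides the part of the server response that explains the failure.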