[BUGS] Bug in backend/lib/stringinfo.c:enlargeStringInfo()

Tue, 11 May 2004 12:15:15 -0700


Hi,

for some time a postgres process on one of our web servers repeatedly gets into an infinite loop. This happens very rarely, about once in a week. Today I installed gdb on the server to trace down the problem.

I found out that the process was looping in enlargeStringInfo() in backend/lib/stringinfo.c. The call trace was

#0  0x0810e490 in enlargeStringInfo ()
#1  0x081138e4 in pq_getmessage ()
#2  0x0816561b in SocketBackend ()
#3  0x081657bb in ReadCommand ()
#4  0x08167a5e in PostgresMain ()
#5  0x08144353 in BackendFork ()
#6  0x08143d33 in BackendStartup ()
#7  0x08142516 in ServerLoop ()
#8  0x08142057 in PostmasterMain ()
#9  0x08114a4d in main ()
#10 0x400e8857 in __libc_start_main () from /lib/libc.so.6

The "needed" argument to enlargeStringInfo was 0x5454502b, apparently caused by another bug, which I have yet to find.

So the following loop never stops

        while (needed > newlen)
                newlen = 2 * newlen;

because needed and newlen are compared as signed integers. (If "newlen" has grown to 0x40000000 it's still smaller than "needed". Multiplying by 2 overflows and yields 0x80000000, which is negative, thus still smaller than "needed". Multiplying by 2 again yields 0, ...)

The numbers should be compared as unsigned ints. Or the maximum string length should be restricted.

On the other hand I wonder if it's desired to even try the following memory allocation of at least a GB of RAM. The pq_getmessage() that called enlargeStringInfo() has a "maxlen" argument of 0, that seems to mean unlimited.

The real cause of the problem seems to be a frontend/backend communication problem. The "needed" argument 0x5454502b comes from a 4-byte length field which string content is 'TTP/'. Looks like a part of a HTTP request to me.

I'm using Apache/mod_perl/DBI to access Postgres. Can I log the frontend/backend communication somehow?

Nick Wellnhofer



--
aevum gmbh
leopoldstr. 87
80802 münchen
germany

fon: +4989 38380653
fax: +4989 38799384
[EMAIL PROTECTED]
http://aevum.de/

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

Reply via email to