Bugs item #921173, was opened at 2004-03-22 18:04
Message generated for change (Comment added) made by mlkersten
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=482468&aid=921173&group_id=56967

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: None
Group: SQL "stable"
Status: Open
Resolution: Fixed
Priority: 6
Private: No
Submitted By: Sjoerd Mullender (sjoerd)
Assigned to: Niels Nes (nielsnes)
Summary: extremely long and complex query causes SEGFAULT

Initial Comment:
The attached file contains a query from the crash-me script that causes a SEGFAULT in the server. My guess is that there is a buffer overflow in sql_gencode. I'm looking into it.

----------------------------------------------------------------------

>Comment By: Martin Kersten (mlkersten)
Date: 2008-11-10 09:08

Message:
The overflow is caused by the SQL default to assume a tinyint type as argument. We cannot assume the compiler to be more clever. The result is an overflow which is correctly caught with a null. (provided tinyint is 0-255 ;))

----------------------------------------------------------------------

Comment By: Niels Nes (nielsnes)
Date: 2008-06-02 09:13

Message:
Logged In: YES
user_id=43556
Originator: NO

The problem here is overflow detection. On gdk and m4/m5 level we need to introduce some overflow exceptions.

----------------------------------------------------------------------

Comment By: Stefan Manegold (stmane)
Date: 2008-06-01 21:44

Message:
Logged In: YES
user_id=572415
Originator: NO

Re-opened as the respective test fails again (still?).

With M5 server (both default and "algebra" SQL compiler), only the output seems to differ (returns "NULL" instead of "2001"):
http://monetdb.cwi.nl/testing/projects/monetdb/Stable/sql/.mTests5103/GNU.64.64.d-Fedora8/src_test_BugDay_2005-10-06_2.9.3/huge_expression_and_column_name.SF-921173.out.00.html
http://monetdb.cwi.nl/testing/projects/monetdb/Stable/sql/.mTestsG103/GNU.64.64.d-Fedora8/src_test_BugDay_2005-10-06_2.9.3/huge_expression_and_column_name.SF-921173.out.00.html

With M4 server, the test triggers a segfault (at least on some architectures):
http://monetdb.cwi.nl/testing/projects/monetdb/Stable/sql/.mTests4103/GNU.64.64.d-Fedora8/src_test_BugDay_2005-10-06_2.9.3/huge_expression_and_column_name.SF-921173.err.00.html

----------------------------------------------------------------------

Comment By: Stefan Manegold (stmane)
Date: 2006-01-15 14:15

Message:
Logged In: YES
user_id=572415

Closed as the actual/original bug is fixed.

The segfault on some platforms is filed in this new report
#1406591 "several tests cause segfault on the same subset of platforms"
https://sourceforge.net/tracker/index.php?func=detail&aid=1406591&group_id=56967&atid=482468

----------------------------------------------------------------------

Comment By: Stefan Manegold (stmane)
Date: 2006-01-14 13:35

Message:
Logged In: YES
user_id=572415

re-opened as it segfaults on the same platforms as
#1314982 "kill(0) causes SEGFAULT"
https://sourceforge.net/tracker/index.php?func=detail&aid=1314982&group_id=56967&atid=482468
and
#1292727 "Mserver segfault because of 'col_name'"
https://sourceforge.net/tracker/index.php?func=detail&aid=1292727&group_id=56967&atid=482468

Fedora Core 4 (32-bit)
http://monetdb.cwi.nl/testing/projects/monetdb/Current/sql/.mTests103/GNU.32.32.d-Fedora4/src_test_BugDay_2005-10-06_2.9.3/huge_expression_and_column_name.SF-921173.err.00.html

Gentoo 1.6.13 (32-bit)
http://monetdb.cwi.nl/testing/projects/monetdb/Current/sql/.mTests103/GNU.32.32.d-Gentoo1.6.13/src_test_BugDay_2005-10-06_2.9.3/huge_expression_and_column_name.SF-921173.err.00.html

SuSE 9.3 (32-bit)
http://monetdb.cwi.nl/testing/projects/monetdb/Current/sql/.mTests103/GNU.32.32.d-SuSE9.3/src_test_BugDay_2005-10-06_2.9.3/huge_expression_and_column_name.SF-921173.err.00.html

SuSE 9ES (32-bit)
http://monetdb.cwi.nl/testing/projects/monetdb/Current/sql/.mTests103/GNU.32.32.d-SuSE9ES/src_test_BugDay_2005-10-06_2.9.3/huge_expression_and_column_name.SF-921173.err.00.html

----------------------------------------------------------------------

Comment By: Niels Nes (nielsnes)
Date: 2005-10-23 13:57

Message:
Logged In: YES
user_id=43556

check for too big (recursion depth) queries is added.

----------------------------------------------------------------------

Comment By: Niels Nes (nielsnes)
Date: 2005-10-23 00:11

Message:
Logged In: YES
user_id=43556

check for too big (recursion depth) queries is added.

----------------------------------------------------------------------

Comment By: Stefan Manegold (stmane)
Date: 2005-10-06 12:34

Message:
Logged In: YES
user_id=572415

BugDay_2005-10-06: CLAIMED BY stmane
BugDay_2005-10-06: TEST ADDED / FAILURE

test (excl. stable.out) added as
sql/src/test/BugDay_2005-10-06_2.9.3/Tests/huge_expression_and_column_name.SF-921173.*

bug re-opened, as the segfault re-occurs (at least with MonetDB 4.9.3 + SQL 2.9.3 compiled with gcc 4.0.1 on my 64-bit Fedora Core system)

It might very well be that we run out of stack space with a rather deep recursion...!

----------------------------------------------------------------------

Comment By: Niels Nes (nielsnes)
Date: 2004-03-22 20:09

Message:
Logged In: YES
user_id=43556

A too large column name was generated. Column names are now protected, but a full audit (buffer overflow) of sql_gencode is needed.

----------------------------------------------------------------------

_______________________________________________
Monetdb-bugs mailing list
https://lists.sourceforge.net/lists/listinfo/monetdb-bugs
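
The two safeguards discussed in the thread, a recursion-depth check for oversized queries and overflow detection that yields NULL, shown together in a small expression evaluator. This is an added example, not MonetDB code: `eval_tinyint`, `MAX_DEPTH` and the status names are hypothetical, and tinyint is assumed here to be a signed 8-bit value.

```c
#include <stdint.h>
#include <stdio.h>
#define MAX_DEPTH 8  /* assumed, kept small for the demo; not MonetDB's value */
enum status { OK, IS_NULL /* overflow */, TOO_DEEP, SYNTAX };
typedef struct { const char *p; int depth; } parser;
static enum status expr(parser *ps, int8_t *out);

/* term := digits | '(' expr ')' */
static enum status term(parser *ps, int8_t *out) {
    if (*ps->p == '(') {
        if (++ps->depth > MAX_DEPTH) return TOO_DEEP;  /* refuse before recursing */
        ps->p++;
        enum status s = expr(ps, out);
        ps->depth--;
        if (s <= IS_NULL && *ps->p++ != ')') return SYNTAX;
        return s;
    }
    if (*ps->p < '0' || *ps->p > '9') return SYNTAX;
    int v = 0;
    for (; *ps->p >= '0' && *ps->p <= '9'; ps->p++)
        if (v <= INT8_MAX) v = v * 10 + (*ps->p - '0');  /* stop growing once out of range */
    if (v <= INT8_MAX) *out = (int8_t)v;
    return v <= INT8_MAX ? OK : IS_NULL;
}

/* expr := term ('+' term)*; every sum is range-checked before it is stored */
static enum status expr(parser *ps, int8_t *out) {
    int8_t rhs = 0;
    enum status s = term(ps, out), r;
    while (s <= IS_NULL && *ps->p == '+') {
        ps->p++;
        if ((r = term(ps, &rhs)) > IS_NULL) return r;
        if (r == IS_NULL || s == IS_NULL || *out > INT8_MAX - rhs) s = IS_NULL;
        else *out = (int8_t)(*out + rhs);
    }
    return s;
}

enum status eval_tinyint(const char *text, int8_t *out) {
    parser ps = { text, 0 };
    enum status s = expr(&ps, out);
    return (s <= IS_NULL && *ps.p != '\0') ? SYNTAX : s;
}

int main(void) {
    int8_t v = 0;  /* constructed inputs: one sum that fits, one that overflows */
    printf("%d %d\n", eval_tinyint("(100+27)", &v), eval_tinyint("100+28", &v));
    return 0;
}
```

The depth counter is checked before the recursive call, so an over-nested input is rejected with a status code while the stack is still shallow.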
