Alexander Korotkov <[email protected]> writes:
> With current head I can't load delicious dataset into jsonb format. I got
> segfault. It looks like memory corruption.
The proximate cause of this seems to be that reserveFromBuffer() fails
to consider the possibility that it needs to more-than-double the
current buffer size. This change makes the crash go away for me:
diff --git a/src/backend/utils/adt/jsonb_util.c
b/src/backend/utils/adt/jsonb_util.c
index 832a08d..0c4af04 100644
*** a/src/backend/utils/adt/jsonb_util.c
--- b/src/backend/utils/adt/jsonb_util.c
*************** reserveFromBuffer(convertState *buffer,
*** 1186,1192 ****
/* Make more room if needed */
if (buffer->len + len > buffer->allocatedsz)
{
! buffer->allocatedsz *= 2;
buffer->buffer = repalloc(buffer->buffer, buffer->allocatedsz);
}
--- 1186,1195 ----
/* Make more room if needed */
if (buffer->len + len > buffer->allocatedsz)
{
! do
! {
! buffer->allocatedsz *= 2;
! } while (buffer->len + len > buffer->allocatedsz);
buffer->buffer = repalloc(buffer->buffer, buffer->allocatedsz);
}
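Review bot: the `do { buffer->allocatedsz *= 2; } while (buffer->len + len > buffer->allocatedsz);` loop fixes the under-growth, but neither `buffer->len + len` nor the repeated doubling is bounded, so a sufficiently large request can overflow the int arithmetic and the loop condition stops meaning anything before `repalloc` sees the size. Suggest checking, before entering the loop, that `len` does not push `buffer->len` past a fixed maximum and failing with an error in that case (or switching this path to StringInfo's `enlargeStringInfo()`, which already performs that check), so an oversized request fails cleanly instead of reallocating to a wrapped size.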
However, what it looks to me like we've got here is a very bad
reimplementation of StringInfo buffers. There is for example no
integer-overflow checking here. Rather than try to bring this code
up to speed, I think we should rip it out and use StringInfo.
regards, tom lane
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
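As an added illustration of the two problems discussed above (growing only once, and growing with no overflow check), here is a self-contained C stand-in for `reserveFromBuffer()`; it is example code written for this page, not PostgreSQL's, and the `convertState` layout, `reserve_from_buffer` name and `MAX_BUFFER_SIZE` cap are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for PostgreSQL's convertState; field names follow the patch. */
typedef struct
{
    char *buffer;
    int   len;          /* bytes in use */
    int   allocatedsz;  /* bytes allocated */
} convertState;

/* Assumed upper bound on one buffer, playing the role of MaxAllocSize. */
#define MAX_BUFFER_SIZE ((int) 0x3fffffff)

/*
 * Reserve 'len' bytes and return their offset, or -1 on failure.
 * Unlike the original single "allocatedsz *= 2", this grows until the
 * request fits, and it refuses requests that would exceed the cap, so the
 * int arithmetic below can never wrap.
 */
int reserve_from_buffer(convertState *buf, int len)
{
    int offset;

    if (len < 0 || buf->len > MAX_BUFFER_SIZE - len)
        return -1;                          /* would exceed cap / overflow */

    if (buf->len + len > buf->allocatedsz)
    {
        int   newsz = buf->allocatedsz > 0 ? buf->allocatedsz : 1;
        char *p;

        while (buf->len + len > newsz)
        {
            if (newsz > MAX_BUFFER_SIZE / 2)
            {
                newsz = MAX_BUFFER_SIZE;    /* clamp; request already fits */
                break;
            }
            newsz *= 2;
        }
        p = realloc(buf->buffer, (size_t) newsz);
        if (p == NULL)
            return -1;
        buf->buffer = p;
        buf->allocatedsz = newsz;
    }
    offset = buf->len;
    buf->len += len;
    return offset;
}
```

With a 16-byte buffer and a 1000-byte request, the original code would have doubled to 32 and then written 1000 bytes past the end, which is the kind of heap corruption reported at the top of the thread; the loop version ends at 1024.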