On Tue, Oct 3, 2017 at 3:04 AM, Andreas Seltenreich <seltenre...@gmx.de> wrote:
> Tom Lane writes:
>> Presumably somebody could dig into the libc source code and prove or
>> disprove this, though it would sure help to know exactly what platform
>> and version Andreas is testing on.
>
> This is the code in glibc-2.24 around the crash site:
>
> ,----[ glibc-2.24/elf/dl-load.c:442 ]
> |       to_free = cp = expand_dynamic_string_token (l, cp, 1);
> |
> |       size_t len = strlen (cp);
> `----
>
> …while expand_dynamic_string_token will indeed return NULL on a failed
> malloc. Code in the most recent glibc looks the same, so I'll carry
> this issue over to the glibc bugzilla then.

You know, I was pretty impressed with sqlsmith when it was only
finding bugs in PostgreSQL. Finding bugs in glibc is even more
impressive.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers