[ 
https://issues.apache.org/jira/browse/HAWQ-1381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15900529#comment-15900529
 ] 

Hongxu Ma edited comment on HAWQ-1381 at 3/8/17 2:11 AM:
---------------------------------------------------------

buffer overflow here:

src/backend/access/external/fileam.c:2610
{code}
        sprintf(extvar->GP_SEGMENT_ID, "%d", GetQEIndex());
{code}

GetQEIndex() returns -10000 and GP_SEGMENT_ID is char[6], no more space for '\0', so it happened.


was (Author: hongxu ma):
buffer overflow here:

src/backend/access/external/fileam.c:2610
{code}
        sprintf(extvar->GP_SEGMENT_ID, "%d", GetQEIndex());
{code}

GetQEIndex() returns -10000 and GP_SEGMENT_ID is char[6], so

> Core dump when execute 'select * from hawq_toolkit.__hawq_log_master_ext;' on macOS
> -----------------------------------------------------------------------------------
>
>                 Key: HAWQ-1381
>                 URL: https://issues.apache.org/jira/browse/HAWQ-1381
>             Project: Apache HAWQ
>          Issue Type: Bug
>            Reporter: Hongxu Ma
>            Assignee: Hongxu Ma
>             Fix For: 2.2.0.0-incubating
>
>
> macOS 10.12.1
> {code}
> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
> 0   libsystem_kernel.dylib          0x00007fffded60dda __pthread_kill + 10
> 1   libsystem_pthread.dylib         0x00007fffdee4c787 pthread_kill + 90
> 2   libsystem_c.dylib               0x00007fffdecc6420 abort + 129
> 3   libsystem_c.dylib               0x00007fffdecc6592 abort_report_np + 181
> 4   libsystem_c.dylib               0x00007fffdececf28 __chk_fail + 48
> 5   libsystem_c.dylib               0x00007fffdececef8 __chk_fail_overflow + 16
> 6   libsystem_c.dylib               0x00007fffdeced413 __sprintf_chk + 199
> 7   postgres                        0x000000010e39e394 external_set_env_vars + 916
> 8   postgres                        0x000000010e39c335 open_external_readable_source + 181
> 9   postgres                        0x000000010e39cba6 external_getnext + 70
> 10  postgres                        0x000000010e62a42e ExternalNext + 110
> 11  postgres                        0x000000010e606518 ExecScan + 72
> 12  postgres                        0x000000010e62a3af ExecExternalScan + 31
> 13  postgres                        0x000000010e5f4bd3 ExecProcNode + 739
> 14  postgres                        0x000000010e5e88e2 ExecutePlan + 722
> 15  postgres                        0x000000010e5e82af ExecutorRun + 1471
> 16  postgres                        0x000000010e83531d PortalRunSelect + 317
> 17  postgres                        0x000000010e834dc8 PortalRun + 952
> 18  postgres                        0x000000010e82ad0f exec_simple_query + 2367
> 19  postgres                        0x000000010e828eeb PostgresMain + 7979
> 20  postgres                        0x000000010e7c4198 BackendRun + 1048
> 21  postgres                        0x000000010e7c0f35 BackendStartup + 373
> 22  postgres                        0x000000010e7bde10 ServerLoop + 1248
> 23  postgres                        0x000000010e7bc3cb PostmasterMain + 4859
> 24  postgres                        0x000000010e69f22c main + 940
> 25  libdyld.dylib                   0x00007fffdec32255 start + 1
> {code}
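
The size arithmetic behind the comment above, with a bounded replacement for the `sprintf` call that reports truncation instead of writing past the field. This is an added example, not HAWQ's code or its actual fix; `struct extvar_demo`, `bytes_needed` and `format_segment_id` are hypothetical names, and only the `char[6]` size and the value -10000 come from the comment.

```c
#include <stdio.h>
#include <string.h>

#define SEGMENT_ID_LEN 6   /* matches the char[6] stated in the comment */

/* Hypothetical stand-in for the struct behind extvar; only this field's size is from the page. */
struct extvar_demo {
    char GP_SEGMENT_ID[SEGMENT_ID_LEN];
    char canary[4];        /* neighbour that an overflow would clobber */
};

/* Bytes "%d" needs for value, counting the terminating NUL. */
int bytes_needed(int value)
{
    return snprintf(NULL, 0, "%d", value) + 1;
}

/* Bounded form of sprintf(dst, "%d", id).
 * Returns 0 on success; -1 if id does not fit, leaving dst an empty string. */
int format_segment_id(char *dst, size_t dstlen, int id)
{
    int n = snprintf(dst, dstlen, "%d", id);
    if (n < 0 || (size_t) n >= dstlen) {
        if (dstlen > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    struct extvar_demo e;
    int ids[] = { 0, 12345, -1000, -10000 };   /* constructed sample values */

    memcpy(e.canary, "abc", sizeof e.canary);
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        int rc = format_segment_id(e.GP_SEGMENT_ID, sizeof e.GP_SEGMENT_ID, ids[i]);
        printf("id=%6d needs %d bytes, buffer has %d: %s (canary %s)\n",
               ids[i], bytes_needed(ids[i]), SEGMENT_ID_LEN,
               rc == 0 ? e.GP_SEGMENT_ID : "rejected",
               memcmp(e.canary, "abc", 4) == 0 ? "intact" : "clobbered");
    }
    return 0;
}
```

Sizing the field for the widest possible `int` (12 bytes for a 32-bit `int`, sign and NUL included) removes the rejection path entirely.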


