[pgpool-hackers: 1107] Fix segfalut related to parser

Yugo Nagata nagata at sraoss.co.jp
Thu Oct 15 12:27:29 JST 2015


Hi,

I found pgpool-II was able to pass a PostgreSQL regression test,
that is "psql" test when streaming-replication mode. 

pgpool-II came to segfault with the next query.

 prepare q as select array_to_string(array_agg(repeat('x',2*n)),E'\n') as "ab

 c", array_to_string(array_agg(repeat('y',20-2*n)),E'\n') as "a
 bc" from generate_series(1,10) as n(n) group by n>1 ;

This was also reproduced a simple query as below;

 prepare p as select * from generate_series(1,1);

This is because RangeFunction node has a member functions, which is 
a list whose last element is NIL.

  RangeFunction *n = makeNode(RangeFunction);
  n->lateral = false;
  n->ordinality = $2;
  n->is_rowsfrom = false;
  n->functions = list_make1(list_make2($1, NIL));

This caused segfault in foreach loop in _outList() function.
I have fixed and commit this already.

http://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=6f6f0bef4fd704b89c85543635753db21eac62a3

This bug was introduced since 3.4, so I backported this to V3_4_RELEASE.



BTW, in streaming replication, statement in PREPARE is deparsed
by nodeToString in sent_to_where().

 
         /*
          * PREPARE
          */
         else if (IsA(node, PrepareStmt))
         {
             PrepareStmt *prepare_statement = (PrepareStmt *)node;
 
             char *string = nodeToString(prepare_statement->query);
 
             /* Note that this is a recursive call */
             return send_to_where((Node *)(prepare_statement->query), string);
         }

The deparced query "string" is passed to send_to_where() recursively, 
but the second argument is not used in this function at all. I don't
know why this argument is left but I think this should be removed.

Any comments?


-- 
Yugo Nagata <nagata at sraoss.co.jp>


More information about the pgpool-hackers mailing list