SIGABRT when the parse_messages parameter equals to error. #162

Closed
Xen-On-core opened this issue Oct 9, 2023 · 1 comment

Xen-On-core commented Oct 9, 2023

Hello!
The following commands cause SIGABRT:

LOAD 'pg_hint_plan';
SET pg_hint_plan.parse_messages TO error;

/*+Set/SELECT 1;
/Set*/SELECT 1;
/*+Set/SELECT 1;
/*+Set*/SELECT 1;
/Set*/SELECT 1;
/*+Set*/SELECT 1;

This happens on the PG11-PG13 branches.

Here is the backtrace:

#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=139730467214464) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=139730467214464) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=139730467214464, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007f1588442476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007f15884287f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x000056480df4b47a in ExceptionalCondition (
    conditionName=conditionName@entry=0x56480e1054c8 "!(((context) != ((void *)0) && (((((const Node*)((context)))->type) == T_AllocSetContext) || ((((const Node*)((context)))->type) == T_SlabContext) || ((((const Node*)((context)))->type) == T_Generatio"..., 
    errorType=errorType@entry=0x56480dfae879 "BadArgument", fileName=fileName@entry=0x56480e105438 "../../../../src/include/utils/memutils.h", lineNumber=lineNumber@entry=130) at assert.c:54
#6  0x000056480df7eabf in GetMemoryChunkContext (pointer=<optimized out>) at ../../../../src/include/utils/memutils.h:130
#7  pfree (pointer=<optimized out>) at mcxt.c:1082
#8  0x00007f1588f030cb in get_current_hint_string (pstate=0x56480f850a58, query=0x56480f850b70) at pg_hint_plan.c:3009
#9  0x000056480db951d7 in parse_analyze (parseTree=parseTree@entry=0x56480f8509c0, sourceText=sourceText@entry=0x56480f84fdc0 "/*+Set*/SELECT 1;", paramTypes=paramTypes@entry=0x0, numParams=numParams@entry=0, queryEnv=queryEnv@entry=0x0) at analyze.c:120
#10 0x000056480de18c90 in pg_analyze_and_rewrite (queryEnv=0x0, numParams=0, paramTypes=0x0, query_string=0x56480f84fdc0 "/*+Set*/SELECT 1;", parsetree=0x56480f8509c0) at postgres.c:774
#11 exec_simple_query (query_string=0x56480f84fdc0 "/*+Set*/SELECT 1;") at postgres.c:1235
#12 0x000056480de1a465 in PostgresMain (argc=<optimized out>, argv=argv@entry=0x56480f880208, dbname=<optimized out>, username=<optimized out>) at postgres.c:5105
#13 0x000056480dd76688 in BackendRun (port=0x56480f8774e0) at postmaster.c:5390
#14 BackendStartup (pool=<optimized out>, port=0x56480f8774e0) at postmaster.c:5036
#15 0x000056480dd76ce3 in ServerLoop () at postmaster.c:2040
#16 0x000056480dd784f1 in PostmasterMain (argc=argc@entry=3, argv=argv@entry=0x56480f84a580) at postmaster.c:1508
#17 0x000056480da77887 in main (argc=3, argv=0x56480f84a580) at main.c:230

Suggested fix by svglukhov is in the attachment.
fix-invalid-hint-declarations.txt

michaelpq added a commit that referenced this issue Oct 11, 2023
This issue would be able to crash the server when for example setting
pg_hint_plan.parse_messages to 'error' in a session and trigger an error
via a hint that cannot be parsed.

Per issue #162.  This issue does not exist in 14 and newer branches
because get_current_hint_string() is much more careful with the handling
of pfree()'d current_hint_str there.

Reported-by: Pogosyan Vardan
Author: Sergei Glukhov
Backpatch-through: 12
@michaelpq
Collaborator

Thanks for the report. I have applied a fix on PG12 and PG13 where the problem appears. In PG14 this code is much more careful. PG11 is not supported anymore, unfortunately.
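
One way a pfree()'d `current_hint_str` can end up freed a second time once an ERROR interrupts hint handling, modelled as an added example (this is not pg_hint_plan code and not the attached fix). The toy allocator, `load_hint`, `run_session` and the rule that a hint without parentheses is invalid are assumptions made for illustration; `setjmp`/`longjmp` stands in for PostgreSQL's error unwinding.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LIVE 0x48494e54u                 /* constructed marker for a live chunk */
typedef struct { unsigned magic; char data[60]; } Chunk;

static Chunk   pool[8];                  /* toy allocator standing in for palloc/pfree */
static int     next_slot;
static int     bad_frees;                /* an assert-enabled server would abort instead */
static jmp_buf on_error;                 /* stand-in for the longjmp behind ereport(ERROR) */
static char   *current_hint_str;         /* session-lifetime pointer named in the commit message */

static char *toy_alloc(const char *s) {
    Chunk *c = &pool[next_slot++ % 8];
    c->magic = LIVE;
    snprintf(c->data, sizeof c->data, "%s", s);
    return c->data;
}

static void toy_free(char *p) {
    Chunk *c = (Chunk *)(p - offsetof(Chunk, data));
    if (c->magic != LIVE) { bad_frees++; return; }   /* stale pointer: chunk already released */
    c->magic = 0;
}

/* Hypothetical per-query hook: drop the previous hint string, then parse the new one. */
static void load_hint(const char *hint, int reset_after_free) {
    if (current_hint_str) {
        toy_free(current_hint_str);
        if (reset_after_free)
            current_hint_str = NULL;     /* hardened: the pointer never outlives its chunk */
    }
    if (strchr(hint, '(') == NULL)       /* constructed rule: a hint without "(...)" is invalid */
        longjmp(on_error, 1);            /* with parse_messages = error this is raised as ERROR */
    current_hint_str = toy_alloc(hint);
}

/* Runs one session of queries; returns how many frees hit an already-released chunk. */
int run_session(int reset_after_free) {
    static const char *hints[] = { "Set(a 1)", "Set", "Set" };   /* constructed input */
    volatile size_t i;
    current_hint_str = NULL; bad_frees = 0; next_slot = 0;
    for (i = 0; i < 3; i++)
        if (setjmp(on_error) == 0)
            load_hint(hints[i], reset_after_free);
    return bad_frees;
}
```

`run_session(0)` models the unguarded path, where the error on the second query leaves the pointer dangling and the third query frees it again; `run_session(1)` resets the pointer before anything can raise an error.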
