Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit 57641a1

Browse files
tglsfdctglsfdc
committed
Fix core dump in QTNodeCompare when tsquery_cmp() is applied to two empty
tsqueries. CompareTSQ has to have a guard for the case rather than blindly applying QTNodeCompare to random data past the end of the datums. Also, change QTNodeCompare to be a little less trusting: use an actual test rather than just Assert'ing that the input is sane. Problem encountered while investigating another issue (I saw a core dump in autoanalyze on a table containing multiple empty tsquery values). Back-patch to all branches with tsquery support. In HEAD, also fix some bizarre (though not outright wrong) coding in tsq_mcontains().
1 parent 57d9aef commit 57641a1

File tree

2 files changed

+15
-12
lines changed

2 files changed

+15
-12
lines changed

src/backend/utils/adt/tsquery_op.c

+8-8
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
*
99
* IDENTIFICATION
10-
* $PostgreSQL: pgsql/src/backend/utils/adt/tsquery_op.c,v 1.8 2010/01/02 16:57:55 momjian Exp $
10+
* $PostgreSQL: pgsql/src/backend/utils/adt/tsquery_op.c,v 1.9 2010/08/03 00:10:39 tgl Exp $
1111
*
1212
*-------------------------------------------------------------------------
1313
*/
@@ -149,7 +149,7 @@ CompareTSQ(TSQuery a, TSQuery b)
149149
{
150150
return (VARSIZE(a) < VARSIZE(b)) ? -1 : 1;
151151
}
152-
else
152+
else if (a->size != 0)
153153
{
154154
QTNode *an = QT2QTN(GETQUERY(a), GETOPERAND(a));
155155
QTNode *bn = QT2QTN(GETQUERY(b), GETOPERAND(b));
@@ -247,20 +247,20 @@ tsq_mcontains(PG_FUNCTION_ARGS)
247247
PG_RETURN_BOOL(false);
248248
}
249249

250+
iq = GETQUERY(query);
250251
ie = GETQUERY(ex);
251252

252253
for (i = 0; i < ex->size; i++)
253254
{
254-
iq = GETQUERY(query);
255255
if (ie[i].type != QI_VAL)
256256
continue;
257257
for (j = 0; j < query->size; j++)
258-
if (iq[j].type == QI_VAL && ie[i].qoperand.valcrc == iq[j].qoperand.valcrc)
259-
{
260-
j = query->size + 1;
258+
{
259+
if (iq[j].type == QI_VAL &&
260+
ie[i].qoperand.valcrc == iq[j].qoperand.valcrc)
261261
break;
262-
}
263-
if (j == query->size)
262+
}
263+
if (j >= query->size)
264264
{
265265
PG_FREE_IF_COPY(query, 0);
266266
PG_FREE_IF_COPY(ex, 1);

src/backend/utils/adt/tsquery_util.c

+7-4
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
*
88
*
99
* IDENTIFICATION
10-
* $PostgreSQL: pgsql/src/backend/utils/adt/tsquery_util.c,v 1.13 2010/01/02 16:57:55 momjian Exp $
10+
* $PostgreSQL: pgsql/src/backend/utils/adt/tsquery_util.c,v 1.14 2010/08/03 00:10:39 tgl Exp $
1111
*
1212
*-------------------------------------------------------------------------
1313
*/
@@ -113,20 +113,23 @@ QTNodeCompare(QTNode *an, QTNode *bn)
113113
}
114114
return 0;
115115
}
116-
else
116+
else if (an->valnode->type == QI_VAL)
117117
{
118118
QueryOperand *ao = &an->valnode->qoperand;
119119
QueryOperand *bo = &bn->valnode->qoperand;
120120

121-
Assert(an->valnode->type == QI_VAL);
122-
123121
if (ao->valcrc != bo->valcrc)
124122
{
125123
return (ao->valcrc > bo->valcrc) ? -1 : 1;
126124
}
127125

128126
return tsCompareString(an->word, ao->length, bn->word, bo->length, false);
129127
}
128+
else
129+
{
130+
elog(ERROR, "unrecognized QueryItem type: %d", an->valnode->type);
131+
return 0; /* keep compiler quiet */
132+
}
130133
}
131134

132135
static int

0 commit comments

Comments
 (0)