[I've Cc'ed pgsql-bugs and set the Reply-To header to that list.]

On Thu, Jan 27, 2005 at 05:26:26PM +0100, PFC wrote:
I see the same thing with PostgreSQL 8.0.0 (REL8_0_STABLE) on Solaris 9
and FreeBSD 4.11. Here's part of the backtrace from the core dump on
FreeBSD:

(gdb) bt
#0 0x285077f4 in ShrinkPGArray (p=0x1) at int_aggregate.c:130
#1 0x28507929 in int_agg_final_array (fcinfo=0xbfbfeb90) at int_aggregate.c:177
#2 0x8106db8 in ExecMakeFunctionResult (fcache=0x83410a0, econtext=0x83411e8,
isNull=0xbfbfecef "\b0í¿¿¯K\024\b¸z3\bï\003", isDone=0x0) at execQual.c:1042
#3 0x8107583 in ExecEvalFunc (fcache=0x83410a0, econtext=0x83411e8,
isNull=0xbfbfecef "\b0í¿¿¯K\024\b¸z3\bï\003", isDone=0x0) at execQual.c:1459
#4 0x8108beb in ExecEvalExprSwitchContext (expression=0x83410a0, econtext=0x83411e8,
isNull=0xbfbfecef "\b0í¿¿¯K\024\b¸z3\bï\003", isDone=0x0) at execQual.c:2781
#5 0x8145353 in evaluate_expr (expr=0x8337ab8, result_type=1007) at clauses.c:2399

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Michael Fuhr <mike (AT) fuhr (DOT) org> writes:
The intagg source code says

NOTE: This module requires sizeof(void *) to be the same as sizeof(int)

which in English means "this ain't gonna work on 64-bit machines". I've
never bothered to look at it more closely than that ...

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq

On Thu, Jan 27, 2005 at 02:22:36PM -0500, Tom Lane wrote:
Hmmm...the PostgreSQL binaries on my Solaris/sparc box are 32-bit
and the FreeBSD box is a 32-bit i386, yet both are susceptible to
the crash. On both boxes, a 32-bit program shows both sizeof(void *)
and sizeof(int) to be 4, so the problem doesn't appear to be due
to that necessary condition not being satisfied.

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

Michael Fuhr <mike (AT) fuhr (DOT) org> writes:
On looking at it, the problem is that the functions are defined in such
a way that you can pass any random integer value to int_agg_final_array(),
and it'll try to interpret that as a pointer. So (a) it definitely
cannot work on 64-bit-pointer machines, and (b) it's trivial to crash it
by passing a number that's not a pointer.

The code should be rewritten by someone who has the skill to program
their way out of a paper bag :-( but I don't think there is time for a
proper fix right now. What I'm inclined to do as a stopgap is just to
revoke all privileges from public on the two component functions of the
aggregate, since there is no particularly good reason to allow them to
be called directly anyway.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match

I'm sorry, I forgot to say I had the bug with 8rc3, then installed 8.0.0
and it is still crashing.

On Thu, 27 Jan 2005 10:52:37 -0700, Michael Fuhr <mike (AT) fuhr (DOT) org> wrote:



---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings