Fri Feb 20 04:13:59 PST 2009
- Previous message: [Slony1-bugs] [Bug 73] Slony-I: old key column xxx.yyy IS NULL on UPDATE
- Next message: [Slony1-bugs] [Bug 73] Slony-I: old key column xxx.yyy IS NULL on UPDATE
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.slony.info/bugzilla/show_bug.cgi?id=73 --- Comment #5 from Adam Buraczewski <aburacze at gmail.com> 2009-02-20 04:13:59 --- > we had the same Problem with the "old" Slony Version, > so it is not a 2.0.0 bug. Well, the handling of the "attkind" parameter inside the logging trigger was the same in older versions of Slony-I (the bug is quite old, it is simply exposed in 2.0.0). The reason is simple: there is no checking for an end of null-terminated string. Look at the output of \d on your table: > Trigger: > _cpdb_cluster_logtrigger AFTER INSERT OR DELETE OR UPDATE ON > product.product FOR EACH ROW EXECUTE PROCEDURE > _cpdb_cluster.logtrigger('_cpdb_cluster', '19', 'k') The last trigger parameter is 'k', while in Slony-I 1.2.x it was something like 'kvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv'. This is the "attkind" parameter. The trigger function expects its length to be equal to the number of columns of the table and iterates through it to find which columns are keys. However, it does not check if the string is shorter than the number of columns (it does not check for a byte 0 terminating the string at all). If the string is shorter, it simply reads random garbage from the memory behind (this is a typical array overrun bug) and when it encounters a 'k' byte among this garbage it treats a random column as a key column and throws an error. In Slony-I 1.2.x the problem was not exposed, since the length of this string was usually as big as the number of columns of the table. However, the bug also existed and when someone added columns to the table without notifying Slony (i.e. without doing it via slonik's EXECUTE SCRIPT command), the trigger was not updated and the "attkind" string was shorter than the number of columns. In that case the error message was the same. I noticed that when Christopher Browne added compression to "attkind" parameter, he prepared a patch to the trigger function (very similar to mine), but somehow this patch was not applied to Slony-I :( Best regards, Adam Buraczewski -- Configure bugmail: http://www.slony.info/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. You are the assignee for the bug.
- Previous message: [Slony1-bugs] [Bug 73] Slony-I: old key column xxx.yyy IS NULL on UPDATE
- Next message: [Slony1-bugs] [Bug 73] Slony-I: old key column xxx.yyy IS NULL on UPDATE
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-bugs mailing list