Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segmentation fault when there are trailing zeros in numeric values #520

Closed
niranjan94 opened this issue Jan 7, 2020 · 0 comments · Fixed by #522 or sthagen/MagicStack-asyncpg#2
Closed

Segmentation fault when there are trailing zeros in numeric values #520

niranjan94 opened this issue Jan 7, 2020 · 0 comments · Fixed by #522 or sthagen/MagicStack-asyncpg#2

Comments

@niranjan94
Copy link

  • asyncpg version: 0.20.0
  • PostgreSQL version: 11 & 12
  • Do you use a PostgreSQL SaaS? If so, which? Can you reproduce
    the issue with a local PostgreSQL install?    : AWS RDS (pg 11) & Local (pg 12)
  • Python version: 3.8.1
  • Platform: Mac & Debian 10
  • Do you use pgbouncer?: No
  • Did you install asyncpg with pip?: Yes
  • If you built asyncpg locally, which version of Cython did you use?: Did not build locally
  • Can the issue be reproduced under both asyncio and
    uvloop?    : Yes

asyncpg fails in a segmentation fault when querying rows that contain large numeric values with trailing zeros.

import asyncio
import asyncpg


async def run():
    conn = await asyncpg.connect(
        user='niranjan', password='password',
        database='niranjan', host='192.168.65.2'
    )
    await conn.fetch("""
        SELECT 1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000::numeric
    """)
    await conn.close()


if __name__ == '__main__':
    asyncio.run(run())

This results in

root@docker-desktop:/data# python -q -X faulthandler overflow.py 
Fatal Python error: Segmentation fault

Current thread 0x00007fe4aeca6740 (most recent call first):
  File "/usr/local/lib/python3.8/asyncio/selector_events.py", line 860 in _read_ready__data_received
  File "/usr/local/lib/python3.8/asyncio/selector_events.py", line 803 in _read_ready
  File "/usr/local/lib/python3.8/asyncio/events.py", line 81 in _run
  File "/usr/local/lib/python3.8/asyncio/base_events.py", line 1855 in _run_once
  File "/usr/local/lib/python3.8/asyncio/base_events.py", line 567 in run_forever
  File "/usr/local/lib/python3.8/asyncio/base_events.py", line 599 in run_until_complete
  File "/usr/local/lib/python3.8/asyncio/runners.py", line 43 in run
  File "overflow.py", line 17 in <module>
Segmentation fault

But, adding at least a single number at the end of the trailing zeros ensure the query runs correctly.

SELECT 1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001::numeric
elprans added a commit that referenced this issue Jan 8, 2020
@elprans
Fix errors in numeric binary decoder
1af26e7 
The size of the output buffer in numeric decoder is computed incorrectly
which may lead to stack corruption or access to unitialized memory.

This also fixes incorrect rendering of trailing zeros in some cases.

Fixes: #520
Fixes: #514
@elprans elprans mentioned this issue Jan 8, 2020
Merged
@1st1 1st1 closed this as completed in #522 Jan 9, 2020
1st1 pushed a commit that referenced this issue Jan 9, 2020
@elprans @1st1
Fix errors in numeric binary decoder
851d586 
The size of the output buffer in numeric decoder is computed incorrectly
which may lead to stack corruption or access to unitialized memory.

This also fixes incorrect rendering of trailing zeros in some cases.

Fixes: #520
Fixes: #514
@sthagen sthagen mentioned this issue Jan 9, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@niranjan94