Re: [HACKERS] crash on 8.2 and cvshead - failed to add item to the

Thu, 25 Jan 2007 07:52:19 -0800 

Heikki Linnakangas wrote:

Joe Conway wrote:

We just came upon a crash bug in Postgres >= 8.2. The attached
standalone script (just needs a database with plpgsql installed)
reproduces the crash for me on 32-bit machines (i686) but NOT on 64 bit
machines (x86_64), for Postgres 8.2 and cvs-head, but not on 8.1. We've
verified this on about four 32 bit machines, and four 64 bit machines
(including one each under vmware on the same host). All machines were
some flavor of Red Hat, Fedora, or Gentoo.



Hmm. There seems to be something wrong in the free space calculation in 
the algorithm for choosing the right split location. I'll dig deeper, 
unless someone beats me to it..



I think I found it. The page splitting code didn't take into account 
that when the new item is the first one on the right page, it also 
becomes the high key of the left page. The fact that this test case 
triggered it in 32 bit machines and not on 64 bit machines was a 
coincidence.


Patch attached.

--
  Heikki Linnakangas
  EnterpriseDB   http://www.enterprisedb.com

Index: src/backend/access/nbtree/nbtinsert.c
===================================================================
RCS file: /home/hlinnaka/pgcvsrepository/pgsql/src/backend/access/nbtree/nbtinsert.c,v
retrieving revision 1.147
diff -c -r1.147 nbtinsert.c
*** src/backend/access/nbtree/nbtinsert.c	5 Jan 2007 22:19:23 -0000	1.147
--- src/backend/access/nbtree/nbtinsert.c	25 Jan 2007 15:50:36 -0000
***************
*** 1153,1159 ****
  			/* need to try it both ways! */
  			_bt_checksplitloc(&state, offnum, leftfree, rightfree,
  							  true, itemsz);
! 			/* here we are contemplating newitem as first on right */
  			_bt_checksplitloc(&state, offnum, leftfree, rightfree,
  							  false, newitemsz);
  		}
--- 1153,1166 ----
  			/* need to try it both ways! */
  			_bt_checksplitloc(&state, offnum, leftfree, rightfree,
  							  true, itemsz);
! 
! 			/* here we are contemplating newitem as first on right.
! 			 *
! 			 * The new item is going to be the high key of the left page
! 			 * instead of the current item that we subtracted from leftfree 
! 			 * above. 
! 			 */
! 			leftfree = leftfree + ((int) itemsz) - ((int) newitemsz);
  			_bt_checksplitloc(&state, offnum, leftfree, rightfree,
  							  false, newitemsz);
  		}

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster






















					Reply via email to