Able to trigger backend segmentation faults via tsearch2

Tom, what we need to diagnose this is a script that simply tries to touch date_last_message (or any other field without touching description or one bug at a time, printing it out. We'll get this run on carbon and see what bug it is, and then we can investigate from there.

Can do, but I wonder, why would an update to the date_last_message column trigger a rebuild of the FTI? Shouldn't we make sure that this isn't the case?

I'm pretty sure, but just updating the column and crashing will help us
find out if it's true or not.

bzr+ssh://devpad.canonical.com/code/tom.berger/launchpad/bug-141637/scripts/bug-141637.py

I tracked down one of the rows that triggers this and reported the bug upstream (Bug #144740).

I have a patch to fti.py that trims the text being indexed to the first 2500 characters of any field. This works around the issue, at least in the cases we have.

Dropped to medium as we have worked around the problem.

In the duplicate, Stuart uploaded a script which reproduces the problem with real-world data: http://launchpadlibrarian.net/9501485/crashme.sql

Correcting postgresql package. postgresql was removed long ago.

Erm... this is a duplicate of Bug #144740 if anything, not the other way around. This bug is on a launchpad specific crash. Bug #144740 is the superset of this one.

The Launchpad crash is the symptom, but it is the exact same bug. The right thing to do is update the summary and description to reflect this; I'll do that now.

Fix committed as per http://archives.postgresql.org/pgsql-bugs/2007-09/msg00138.php

Upstream fix:

 http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/tsearch2/tsvector.c?r1=1.26&r2=1.26.2.1

This looks fine for an SRU, too. Reproduction recipe:

$ apt-get install postgresql-8.2 postgresql-contrib-8.2

# drop default cluster and create one with locale "C", to work with the reproducer script
$ sudo pg_dropcluster 8.2 main --stop
$ sudo pg_createcluster 8.2 main --locale C --start

$ run reproducer:
$ sudo -u postgres -i
$ createdb test
$ psql test -f crashme.sql

This will spin the CPU and hang for a while, until it eventually crashes.

postgresql-8.2 (8.2.5-1.1) gutsy; urgency=low

  * Upload bzr head to Gutsy to get the fix below quickly.
  * Add debian/patches/00upstream-tsearch2-compareWORD.patch:
    - Fix tsearch2's compareWORD() function to return 0 on identical strings.
      This avoids endless loops for situations where identical strings appear
      in sort lists (which Should Not Happen™, but do anyway).
    - Patch taken from upstream CVS:
      http://developer.postgresql.org/cvsweb.cgi/pgsql/contrib/tsearch2/tsvector.c?r1=1.26&r2=1.26.2.1
    - Thanks to Stuart Bishop for finding the bug and providing a reproducer.
    - (LP: #141637)

 -- Martin Pitt <email address hidden> Fri, 28 Sep 2007 15:12:33 +0200

Considering for SRU.

FYI, I updated the dapper/8.2 backport for this bug fix, too:

  deb http://people.ubuntu.com/~pitti/packages/postgresql-8.2-dapper/ ./

Please close for Feisty as Won't Fix? This goes for all the other Feisty bugs.

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.