PGconn::connect segfaults with certain arguments

[ged]

Original report by Michael Granger (Bitbucket: ged, GitHub: ged).

---

There's a problem with the way PGconn parses connection arguments, reported via 'omarqureshi' on the [[irc://irc.freenode.net/#ruby-lang|#ruby-lang IRC channel]].

He posted a backtrace in [[https://gist.github.com/ed348fd1757c22164a58|a gist on Github]]:

ruby-1.9.2-p180 :001 > require 'pg'
 => true
ruby-1.9.2-p180 :002 > PGconn.connect
(irb):2: [BUG] Segmentation fault
ruby 1.9.2p180 (2011-02-18 revision 30909) [x86_64-darwin10.6.0]

-- control frame ----------
c:0025 p:---- s:0087 b:0087 l:000086 d:000086 CFUNC :initialize
c:0024 p:---- s:0085 b:0085 l:000084 d:000084 CFUNC :new
c:0023 p:0015 s:0082 b:0082 l:002118 d:000081 EVAL (irb):2
c:0022 p:---- s:0080 b:0080 l:000079 d:000079 FINISH
c:0021 p:---- s:0078 b:0078 l:000077 d:000077 CFUNC :eval
c:0020 p:0028 s:0071 b:0071 l:000070 d:000070 METHOD [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/workspace.rb:80
c:0019 p:0033 s:0064 b:0063 l:000062 d:000062 METHOD [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/context.rb:254
c:0018 p:0031 s:0058 b:0058 l:0009f8 d:000057 BLOCK [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:159
c:0017 p:0042 s:0050 b:0050 l:000049 d:000049 METHOD [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:273
c:0016 p:0011 s:0045 b:0045 l:0009f8 d:000044 BLOCK [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:156
c:0015 p:0144 s:0041 b:0041 l:000024 d:000040 BLOCK [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/ruby-lex.rb:243
c:0014 p:---- s:0038 b:0038 l:000037 d:000037 FINISH
c:0013 p:---- s:0036 b:0036 l:000035 d:000035 CFUNC :loop
c:0012 p:0009 s:0033 b:0033 l:000024 d:000032 BLOCK [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/ruby-lex.rb:229
c:0011 p:---- s:0031 b:0031 l:000030 d:000030 FINISH
c:0010 p:---- s:0029 b:0029 l:000028 d:000028 CFUNC :catch
c:0009 p:0023 s:0025 b:0025 l:000024 d:000024 METHOD [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/ruby-lex.rb:228
c:0008 p:0046 s:0022 b:0022 l:0009f8 d:0009f8 METHOD [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:155
c:0007 p:0011 s:0019 b:0019 l:000e28 d:000018 BLOCK [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:70
c:0006 p:---- s:0017 b:0017 l:000016 d:000016 FINISH
c:0005 p:---- s:0015 b:0015 l:000014 d:000014 CFUNC :catch
c:0004 p:0183 s:0011 b:0011 l:000e28 d:000e28 METHOD [..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:69
c:0003 p:0142 s:0006 b:0006 l:0014e8 d:000f08 EVAL [..]ruby-1.9.2-p180/bin/irb:16
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:0014e8 d:0014e8 TOP
---------------------------
-- Ruby level backtrace information ----------------------------------------
[..]ruby-1.9.2-p180/bin/irb:16:in `<main>'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:69:in `start'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:69:in `catch'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:70:in `block in start'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:155:in `eval_input'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/ruby-lex.rb:228:in `each_top_level_statement'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/ruby-lex.rb:228:in `catch'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/ruby-lex.rb:229:in `block in each_top_level_statement'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/ruby-lex.rb:229:in `loop'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/ruby-lex.rb:243:in `block (2 levels) in each_top_level_statement'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:156:in `block in eval_input'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:273:in `signal_status'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb.rb:159:in `block (2 levels) in eval_input'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/context.rb:254:in `evaluate'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/workspace.rb:80:in `evaluate'
[..]ruby-1.9.2-p180/lib/ruby/1.9.1/irb/workspace.rb:80:in `eval'
(irb):2:in `irb_binding'
(irb):2:in `new'
(irb):2:in `initialize'

-- C level backtrace information -------------------------------------------

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

zsh: abort irb

[ged]

Original comment by Michael Granger (Bitbucket: ged, GitHub: ged).

---

Here's my gdb backtrace for the zero-arg call:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000002000
0x00007fff822b1120 in strlen ()
(gdb) bt 10
#0  0x00007fff822b1120 in strlen ()
#1  0x000000010010fa0f in BSD_vfprintf (fp=0x7fff5fbfdc30, fmt0=<optimized>, 
	ap=0x7fff5fbfdca0) at vsnprintf.c:927
#2  0x000000010011002c in rb_enc_vsprintf (enc=0x0, 
	fmt=0x100552db0 "Expected connection info string, hash, or 7 
	separate arguments, got a %s.", ap=0x7fff5fbfdca0) at sprintf.c:1170
#3  0x00000001000477a4 in rb_raise (exc=4303972400, fmt=<optimized>) 
	at error.c:1471
#4  0x000000010054ab63 in parse_connect_args (argc=0, argv=0x100400038, 
	self=<optimized>) at pg.c:295
#5  0x000000010054b2d9 in pgconn_init (argc=<optimized>, argv=<optimized>, 
	self=4328694120) at pg.c:409
#6  0x000000010017d214 in vm_call0 (th=0x1003016b0, recv=<optimized>, id=456, 
	argc=0, argv=0x100400038, me=0x1003c5750) at vm_eval.c:79
#7  0x000000010018242e in rb_funcall2 (recv=4328694120, mid=<optimized>, 
	argc=0, argv=0x100400038) at vm_eval.c:235
#8  0x000000010009c263 in rb_class_new_instance (argc=0, argv=0x100400038, 
	klass=<optimized>) at object.c:1545
#9  0x0000000100187c03 in vm_call_cfunc [inlined] () at 
	/Users/ged/.rvm/src/ruby-1.9.2-p180/vm_insnhelper.c:402
(More stack frames follow...)

[ged]

Original comment by Michael Granger (Bitbucket: ged, GitHub: ged).

---

Move connection-parameter parsing into Ruby, and make option-handling more
flexible. No longer segfaults on no-option, <7-option array, and other combinations
of arguments to ::connect and ::connect_start. Fixes #67.