BUG #17725: Segfault when seg_in() called with a large argument - Mailing list pgsql-bugs
From | PG Bug reporting form |
---|---|
Subject | BUG #17725: Segfault when seg_in() called with a large argument |
Date | |
Msg-id | 17725-0a09313b67fbe86e@postgresql.org |
Responses | Re: BUG #17725: Segfault when seg_in() called with a large argument |
List | pgsql-bugs |

The following bug has been logged on the website:

Bug reference: 17725
Logged by: Robins Tharakan
Email address: tharakan@gmail.com
PostgreSQL version: 15.1
Operating system: Ubuntu 20.04
Description:

Hi,

The following SQL Segfaults on master (tested on b3bb7d12af).

SQL:
SELECT seg_in(numeric_out(round(31, 10000)))

Backtrace on ea5ae4cae6@REL_14_STABLE:
=====================================
#0 __strcpy_avx2 () at ../sysdeps/x86_64/multiarch/strcpy-avx2.S:578
#1 0x00007f31c421f4aa in restore ( result=0x55009893ace0 <error: Cannot access memory at address 0x55009893ace0>, val=31, n=-46) at seg.c:1009
#2 0x00007f31c421dab9 in seg_out (fcinfo=0x7ffe3ddff6c0) at seg.c:135
#3 0x000055d296a40aa9 in FunctionCall1Coll (flinfo=0x55d298735478, collation=0, arg1=94362989160448) at fmgr.c:1138
#4 0x000055d296a42004 in OutputFunctionCall (flinfo=0x55d298735478, val=94362989160448) at fmgr.c:1575
#5 0x000055d29634a8b4 in printtup (slot=0x55d2987344b8, self=0x55d298936cc0) at printtup.c:357
#6 0x000055d2966196c6 in ExecutePlan (estate=0x55d298733f80, planstate=0x55d2987341b8, use_parallel_mode=false, operation=CMD_SELECT, sendTuples=true, numberTuples=0, direction=ForwardScanDirection, dest=0x55d298936cc0, execute_once=true) at execMain.c:1582
#7 0x000055d2966172fd in standard_ExecutorRun (queryDesc=0x55d2987289d0, direction=ForwardScanDirection, count=0, execute_once=true) at execMain.c:361
#8 0x00007f31dbea134d in pgss_ExecutorRun (queryDesc=0x55d2987289d0, direction=ForwardScanDirection, count=0, execute_once=true) at pg_stat_statements.c:1003
#9 0x000055d2966170f3 in ExecutorRun (queryDesc=0x55d2987289d0, direction=ForwardScanDirection, count=0, execute_once=true) at execMain.c:303

Backtrace Full excerpt:
======================
#0 __strcpy_avx2 () at ../sysdeps/x86_64/multiarch/strcpy-avx2.S:578
No locals.
#1 0x00007f31c421f4aa in restore ( result=0x55009893ace0 <error: Cannot access memory at address 0x55009893ace0>, val=31, n=-46) at seg.c:1009
        buf = "00000000003e1\000\060\060\060\060\060\060\060\060\060\060"
        p = 0x55d29893ace8 "e+01"
        exp = 48
        i = 17
        dp = 11
        sign = 0
#2 0x00007f31c421dab9 in seg_out (fcinfo=0x7ffe3ddff6c0) at seg.c:135
        seg = 0x55d29872e800
        result = 0x55d29893ace0 "3.100000e+01"
        p = 0x55d29893ace0 "3.100000e+01"
#3 0x000055d296a40aa9 in FunctionCall1Coll (flinfo=0x55d298735478, collation=0, arg1=94362989160448) at fmgr.c:1138
        fcinfodata = {fcinfo = {flinfo = 0x55d298735478, context = 0x0, resultinfo = 0x0, fncollation = 0, isnull = false, nargs = 1, args = 0x7ffe3ddff6e0}, fcinfo_data = "xTs\230\322U", '\000' <repeats 23 times>, "U\001\000\000\350r\230\322U\000\000\000m\223\230\322U\000"}
        fcinfo = 0x7ffe3ddff6c0
        result = 94362958816336
        __func__ = "FunctionCall1Coll"
#4 0x000055d296a42004 in OutputFunctionCall (flinfo=0x55d298735478, val=94362989160448) at fmgr.c:1575
No locals.
#5 0x000055d29634a8b4 in printtup (slot=0x55d2987344b8, self=0x55d298936cc0) at printtup.c:357
        outputstr = 0x55d296882235 <check_stack_depth+13> "\204\300td\276"
        thisState = 0x55d298735468
        attr = 94362989160448
        typeinfo = 0x55d2987343a0
        myState = 0x55d298936cc0
        oldcontext = 0x55d298733e60
        buf = 0x55d298936d10
        natts = 1
        i = 0

Error Log:
=========
2022-12-20 02:44:43.728 UTC [633388] LOG: server process (PID 783919) was terminated by signal 11: Segmentation fault
2022-12-20 02:44:43.728 UTC [633388] DETAIL: Failed process was running: SELECT seg_in(numeric_out(round(31,1000000)));
2022-12-20 02:44:43.728 UTC [633388] LOG: terminating any other active server processes

Thanks to SQLSmith / SQLReduce for helping with the find.

-
Robins Tharakan
Amazon Web Services