BUG #19466: Server crash (SIGSEGV) when FETCH after ALTER TYPE during open cursor - Mailing list pgsql-bugs

From PG Bug reporting form
Subject BUG #19466: Server crash (SIGSEGV) when FETCH after ALTER TYPE during open cursor
Msg-id 19466-dc32827173299fd4@postgresql.org
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      19466
Logged by:          HaoGang Mao
Email address:      haogangmao@gmail.com
PostgreSQL version: 18.3
Operating system:   Linux
Description:

PostgreSQL version: 18.3
OS: Linux (Docker)

Summary:
PostgreSQL crashes with SIGSEGV when a cursor is open over a composite
type and the type is modified via ALTER TYPE during the same transaction,
followed by a second FETCH.

Reproduction steps (minimal):
  CREATE TYPE foo AS (a INT, b INT);
  BEGIN;
  DECLARE c CURSOR FOR
    SELECT (i, power(2, 30))::foo
    FROM generate_series(1,10) i;
  FETCH c;
  ALTER TYPE foo ALTER ATTRIBUTE b TYPE TEXT;
  FETCH c;
  COMMIT;

Expected: Error message (type modified during active cursor)
Actual:   Server process terminated with signal 11 (Segmentation fault)

Server log:
  client backend (PID 85) was terminated by signal 11: Segmentation fault
  Failed process was running: [above SQL]

Hypothesis:
The cursor holds a reference to the tuple descriptor for type "foo".
After ALTER TYPE modifies the type, the descriptor may be invalidated
while the cursor still holds a dangling pointer to it. The second FETCH
dereferences this invalid pointer.
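
For triage, the crash signature shown in the server log above can be correlated with an earlier ALTER TYPE issued by the same backend. The Python below is an added example, not part of the original report and not PostgreSQL code; the sample log is constructed, it assumes log_line_prefix = '%m [%p] ' and log_statement = 'ddl', and the function name is hypothetical.

```python
import re

# Constructed sample log (not from the report). Assumes the settings
# log_line_prefix = '%m [%p] ' and log_statement = 'ddl'.
SAMPLE_LOG = """\
2025-01-01 10:00:01.000 UTC [85] LOG:  statement: ALTER TYPE foo ALTER ATTRIBUTE b TYPE TEXT;
2025-01-01 10:00:01.500 UTC [91] LOG:  statement: ALTER TYPE bar ADD ATTRIBUTE c INT;
2025-01-01 10:00:02.000 UTC [1] LOG:  client backend (PID 85) was terminated by signal 11: Segmentation fault
2025-01-01 10:00:02.000 UTC [1] DETAIL:  Failed process was running: FETCH c;
2025-01-01 10:00:02.001 UTC [1] LOG:  terminating any other active server processes
"""

LINE = re.compile(r"^(?P<ts>.*?) \[(?P<pid>\d+)\] (?P<level>[A-Z]+):\s+(?P<msg>.*)$")
CRASH = re.compile(r"^client backend \(PID (\d+)\) was terminated by signal 11\b")
ALTER = re.compile(r"^statement:\s*ALTER\s+TYPE\s+(\S+)", re.IGNORECASE)
FAILED = "Failed process was running: "


def find_suspect_crashes(log_text):  # hypothetical helper name
    """Return SIGSEGV crashes whose backend ran ALTER TYPE and died in FETCH."""
    altered = {}    # backend PID -> type names it altered
    pending = None  # crash line waiting for its DETAIL line
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation line or a different prefix
        pid, level, msg = int(m["pid"]), m["level"], m["msg"]
        if level == "LOG" and (a := ALTER.match(msg)):
            altered.setdefault(pid, []).append(a.group(1))
        elif level == "LOG" and (c := CRASH.match(msg)):
            pending = {"ts": m["ts"], "pid": int(c.group(1))}
        elif level == "DETAIL" and pending and msg.startswith(FAILED):
            stmt = msg[len(FAILED):]
            types = altered.get(pending["pid"], [])
            # Flag only the pattern from the report: ALTER TYPE, then FETCH crashes.
            if types and stmt.upper().startswith("FETCH"):
                findings.append({**pending, "statement": stmt, "altered_types": types})
            pending = None
    return findings


if __name__ == "__main__":
    for f in find_suspect_crashes(SAMPLE_LOG):
        print(f)
```

Backend PIDs can be reused, so a match is a lead for triage, not proof that the ALTER TYPE caused the crash.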
