Re: Pg17 Crash in Planning (Arrays + Casting + UDF) - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Pg17 Crash in Planning (Arrays + Casting + UDF)
Date
Msg-id 2460140.1728505313@sss.pgh.pa.us
Whole thread Raw
In response to Pg17 Crash in Planning (Arrays + Casting + UDF)  (Paul Ramsey <pramsey@cleverelephant.ca>)
Responses Re: Pg17 Crash in Planning (Arrays + Casting + UDF)
List pgsql-hackers
Paul Ramsey <pramsey@cleverelephant.ca> writes:
> This extremely odd case [2] came in via a report using a lot of PostGIS functions, but it can be reconfigured into a
pure-PostgreSQLcrasher [1]. 

Thanks for the report!  Looks like estimate_array_length() is
incautiously assuming that the "root" pointer it receives will
never be NULL.

The overall code path here is eval_const_expressions ->
simplify_function -> cost_qual_eval -> estimate_array_length,
and the proximate cause of root being NULL is that
simplify_function/inline_function don't take a root pointer,
so they pass NULL root to cost_qual_eval.

We could change their signatures ... but it's explicitly documented
that eval_const_expressions allows NULL for root, so there would
presumably still be code paths that'd fail.  It looks like the only
safe fix is to ensure that estimate_array_length will cope with NULL
for root.

            regards, tom lane



pgsql-hackers by date:

Previous
From: Joe Conway
Date:
Subject: Re: Pg17 Crash in Planning (Arrays + Casting + UDF)
Next
From: Jelte Fennema-Nio
Date:
Subject: Re: sunsetting md5 password support