Bug Report: PostgreSQL 16 crashes on ALTER USER CURRENT_USER WITH PASSWORD - Mailing list pgsql-bugs

Summary

PostgreSQL server crashes with a segmentation fault when executing ALTER USER CURRENT_USER WITH PASSWORD in PostgreSQL 16.10 and 16.11. The crash results in immediate termination of the backend process and forces a full instance restart.

Affected Versions

• PostgreSQL 16.10

• PostgreSQL 16.11

Issue reproduced consistently on both versions.

Environment

• OS: Linux (RHEL 9–compatible)

• Architecture: x86_64

• Build: Official PostgreSQL packages

• Authentication: SCRAM-SHA-256

• Crash observed on primary instance (not hot standby)

(Exact OS/kernel/compiler details can be provided if required.)

Steps to Reproduce

1. Connect to PostgreSQL as a regular role (non-superuser):

   psql -U test_user -d testdb
   

2. Execute the following command:

   ALTER USER CURRENT_USER WITH PASSWORD 'new_password';
   

Expected Result

The password of the current user should be updated successfully, equivalent to:

ALTER USER test_user WITH PASSWORD 'new_password';

Actual Result

PostgreSQL backend process crashes with SIGSEGV (signal 11).
The entire PostgreSQL instance is terminated and automatically restarted.

Server Log Output

LOG:  server process (PID 118262) was terminated by signal 11: Segmentation fault
DETAIL:  Failed process was running: ALTER USER CURRENT_USER WITH PASSWORD 'xxxxxxxx'
LOG:  terminating any other active server processes
LOG:  all server processes terminated; reinitializing

Frequency

• Reproducible 100% of the time

• Occurs immediately upon execution of the statement

Additional Notes

• The issue does not occur when specifying the role name explicitly:

  ALTER USER test_user WITH PASSWORD 'new_password';
  

• The crash appears to be specifically related to the use of CURRENT_USER as the role specification.

Impact

• Any user executing this statement can crash the entire PostgreSQL instance.

• Presents a potential denial-of-service risk in multi-tenant environments.