Re: jsonb crash - Mailing list pgsql-hackers

From Ranier Vilela
Subject Re: jsonb crash
Msg-id CAEudQArythrpiQajjowy+UFBONaVB+85JoXZ5zj1BESYhSna4A@mail.gmail.com
In response to jsonb crash  (Jaime Casanova <jcasanov@systemguards.com.ec>)
List pgsql-hackers
On Wed, 29 Sep 2021 at 15:55, Jaime Casanova <jcasanov@systemguards.com.ec> wrote:
Hi,

I found a crash (segmentation fault) on jsonb.
This is the best I could do to reduce the query:

"""
select 
  75 as c1
from
  public.pagg_tab_ml as ref_0,
  lateral (select 
        ref_0.a as c5
      from generate_series(1, 300) as sample_0
      fetch first 78 rows only
      ) as subq_0
where case when (subq_0.c5 < 2)
           then cast(null as jsonb)
           else cast(null as jsonb)
      end ? ref_0.c
"""

And because it needs pagg_tab_ml it should be run in a regression database.
This affects at least 14 and 15.

Attached is the backtrace.

Yeah, Coverity has a report about this at function:

JsonbValue *
pushJsonbValue(JsonbParseState **pstate, JsonbIteratorToken seq,
               JsonbValue *jbval)

1. CID undefined: Dereference after null check (FORWARD_NULL)
return pushJsonbValueScalar(pstate, seq, jbval);

2. CID undefined (#1 of 1): Dereference after null check (FORWARD_NULL)
16. var_deref_model: Passing pstate to pushJsonbValueScalar, which dereferences null *pstate

res = pushJsonbValueScalar(pstate, tok,
                           tok < WJB_BEGIN_ARRAY ||
                           (tok == WJB_BEGIN_ARRAY &&
                            v.val.array.rawScalar) ? &v : NULL);

regards,
Ranier Vilela
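
The defect class named in the Coverity output above (a pointer compared with NULL on one path, then forwarded to a callee that dereferences it), shown as an added example that is not part of the original message and is not PostgreSQL source. `ParseState`, `Token`, `push_scalar`, `push_flagged` and `push_guarded` are hypothetical names in a constructed model.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not PostgreSQL's definitions. */
typedef enum { TOK_BEGIN_ARRAY, TOK_ELEM, TOK_END_ARRAY } Token;
typedef struct ParseState { int nelems; struct ParseState *parent; } ParseState;

/* Callee: only TOK_BEGIN_ARRAY tolerates *pstate == NULL. */
int push_scalar(ParseState **pstate, Token tok)
{
    ParseState *cur;
    switch (tok) {
    case TOK_BEGIN_ARRAY:
        cur = calloc(1, sizeof(*cur));
        if (cur == NULL) return -1;
        cur->parent = *pstate;           /* a NULL parent is fine here */
        *pstate = cur;
        return 0;
    case TOK_ELEM:
        return ++(*pstate)->nelems;      /* dereferences *pstate */
    case TOK_END_ARRAY:
        cur = *pstate;
        *pstate = cur->parent;           /* dereferences *pstate */
        free(cur);
        return 0;
    }
    return -1;
}

/* Flagged shape: *pstate is tested against NULL, then forwarded unchecked. */
int push_flagged(ParseState **pstate, Token tok)
{
    if (*pstate == NULL && tok == TOK_END_ARRAY)
        return 0;
    return push_scalar(pstate, tok);     /* TOK_ELEM with NULL state crashes */
}

/* Guarded shape: every token that needs an open level is rejected up front. */
int push_guarded(ParseState **pstate, Token tok)
{
    if (*pstate == NULL && tok != TOK_BEGIN_ARRAY)
        return -1;
    return push_scalar(pstate, tok);
}

int main(void)
{
    ParseState *st = NULL;
    return push_guarded(&st, TOK_ELEM) == -1 ? 0 : 1;
}
```

A report of this shape says a NULL value can reach the dereference along some path the analyzer found; whether a real caller can produce that path still has to be confirmed against the backtrace.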
