Request a Demo
Home   >   mailing lists

Re: BUG #19384: Server crash at textout - Mailing list pgsql-bugs

From Rahila Syed
Subject Re: BUG #19384: Server crash at textout
Date
Msg-id CAH2L28tTiH2wNq4tDLcHr2B2NG=kMunJmNfYj5L5tMhQukVnJA@mail.gmail.com
Whole thread Raw
In response to BUG #19384: Server crash at textout  (PG Bug reporting form <noreply@postgresql.org>)
Responses Re: BUG #19384: Server crash at textout
List pgsql-bugs
Tree view
Hi,

On Tue, Jan 20, 2026 at 2:29 PM PG Bug reporting form <noreply@postgresql.org> wrote:
The following bug has been logged on the website:

Bug reference:      19384
Logged by:          Yuxiao Guo
Email address:      dllggyx@outlook.com
PostgreSQL version: 17.7
Operating system:   Ubuntu 20.04 x86-64, docker image postgres:17.7
Description:       

Hi, I found a crash in PostgreSQL. Here are the details:

PoC:
DROP TYPE IF EXISTS foo CASCADE;
CREATE TYPE foo AS (a INT, b INT);
BEGIN;
DECLARE c CURSOR FOR SELECT (i, power(2, 30))::foo FROM
generate_series(1,10) i;
FETCH c;
ALTER TYPE foo ALTER ATTRIBUTE b TYPE TEXT;
FETCH c;


Stacktrace:
#0 0x7ae1c818a00b (gsignal+0xcb)
#1 0x7ae1c8169859 (abort+0x12b)
#2 0x542fa7 (_ZN11__sanitizer5AbortEv+0x47)
#3 0x5414d1 (_ZN11__sanitizer3DieEv+0xc1)
#4 0x528a14 (_ZN6__asan19ScopedInErrorReportD2Ev+0x1c4)
#5 0x52a5da (_ZN6__asan18ReportGenericErrorEmmmmbmjb+0x5ba)
#6 0x523ef6 (__asan_memcpy+0x1d6)
#7 0x17772d5 (textout+0x1b5)
#8 0x1835834 (OutputFunctionCall+0x174)
#9 0x167a568 (record_out+0x828)
#10 0x1835834 (OutputFunctionCall+0x174)
#11 0x595848 (printtup+0x958)
#12 0x1336280 (RunFromStore+0x1d0)
#13 0x1333ec0 (PortalRunSelect+0x150)
#14 0x133321d (PortalRun+0x51d)
#15 0x132f1de (exec_simple_query+0x146e)
#16 0x1328627 (PostgresMain+0x2c57)
#17 0x13192e4 (BackendMain+0xe4)
#18 0x10a26c3 (postmaster_child_launch+0x193)
#19 0x10adb91 (ServerLoop+0x4821)
#20 0x10a76ec (PostmasterMain+0x241c)
#21 0xd5c2b8 (main+0x458)
#22 0x7ae1c816b083 (__libc_start_main+0xf3)
#23 0x4a9c6e (_start+0x2e)



This problem is reproducible, also the issue seems to be linked to cursors
since the type cast with only SELECT statements runs fine.

CREATE TYPE foo AS (a INT, b INT);
ALTER TYPE foo ALTER ATTRIBUTE b TYPE TEXT;

postgres=# SELECT (i, power(2, 30))::foo FROM
generate_series(1,10) i;
       row
-----------------
 (1,1073741824)
 (2,1073741824)
 (3,1073741824)
 (4,1073741824)
 (5,1073741824)
 (6,1073741824)
 (7,1073741824)
 (8,1073741824)
 (9,1073741824)
 (10,1073741824)
(10 rows)

Also, it happens only  if ALTER TYPE to TEXT is run after DECLARING the cursor.

Another observation is that when I lower the exponent to 10, the crash no longer occurs,
but the output is different.

CREATE TYPE foo AS (a INT, b INT);
BEGIN;
DECLARE c CURSOR FOR SELECT (i, power(2, 10))::foo FROM
generate_series(1,10) i;
DECLARE CURSOR
FETCH c;
   row
----------
 (1,1024)
(1 row)

ALTER TYPE foo ALTER ATTRIBUTE b TYPE TEXT;
FETCH c;
   row
----------
 (2,\x10)
(1 row)

Thank you,
Rahila Syed

pgsql-bugs by date:

Previous
From: Kirill Reshke
Date:
Subject: Re: BUG #19382: Server crash at __nss_database_lookup
Next
From: Pierre Forstmann
Date:
Subject: Re: BUG #19384: Server crash at textout