On Fri, Apr 10, 2026 at 1:03 PM Jeff Davis <pgsql@j-davis.com> wrote:
On Sun, 2026-04-05 at 11:06 -0400, Andrew Dunstan wrote: > Pushed. I have moved the remaining get_*_ddl items to PG20-1
The line:
role_settings = DatumGetArrayTypeP(datum);
should be DatumGetArrayTypePCopy(), because it's being pfree()d later. The existing code will sometimes make a copy and sometimes not, e.g.:
-- settings are contrived to make the datum inline CREATE USER u1; ALTER ROLE u1 SET search_path = 'public, pg_catalog, pg_temp'; ALTER ROLE u1 SET work_mem='64MB'; ALTER ROLE u1 SET statement_timeout='30s'; ALTER ROLE u1 SET lock_timeout='10s'; ALTER ROLE u1 SET idle_in_transaction_session_timeout = '60s'; SELECT pg_get_role_ddl('u1'); ERROR: pfree called with invalid pointer 0x7986dd0c7cc8 (header 0x0000400600000000)
Yes, it appears to be a bug. Attached a patch to fix this. Tested with the
attached patch and don't see server crashing after that.
postgres=# CREATE DATABASE crashtest TEMPLATE template0 LC_COLLATE 'C' LC_CTYPE 'C'; ALTER DATABASE crashtest SET search_path = 'public, pg_catalog'; ALTER DATABASE crashtest SET work_mem = '64MB'; ALTER DATABASE crashtest SET statement_timeout = '30s'; ALTER DATABASE crashtest SET random_page_cost = 1.5; SELECT pg_get_database_ddl('crashtest'); CREATE DATABASE ALTER DATABASE ALTER DATABASE ALTER DATABASE ALTER DATABASE pg_get_database_ddl ------------------------------------------------------------------------------------------------------------ CREATE DATABASE crashtest WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'C'; ALTER DATABASE crashtest OWNER TO azureuser; ALTER DATABASE crashtest SET search_path TO 'public, pg_catalog'; ALTER DATABASE crashtest SET work_mem TO '64MB'; ALTER DATABASE crashtest SET statement_timeout TO '30s'; ALTER DATABASE crashtest SET random_page_cost TO '1.5'; (6 rows)
