On Tue, Jul 12, 2016 at 11:40 AM, Peter Geoghegan <pg@heroku.com> wrote:
> Interesting discovery. How did you fuzz test?
This appears to be a NULL pointer dereference. Here is a backtrace
with proper debug info:
#0 0x0000000000e45ada in normalize_phrase_tree (node=0x0) at
tsquery_cleanup.c:397
#1 0x0000000000e468f3 in normalize_phrase_tree (node=<optimized out>)
at tsquery_cleanup.c:416
#2 0x0000000000e4687f in normalize_phrase_tree (node=0x0) at
tsquery_cleanup.c:543
#3 0x0000000000e44ce9 in cleanup_fakeval_and_phrase (in=<optimized
out>) at tsquery_cleanup.c:603
#4 0x0000000000e3f528 in parse_tsquery (buf=<optimized out>,
pushval=0x6250002e9490, opaque=<optimized out>, isplain=<optimized
out>) at tsquery.c:695
#5 0x0000000000c8abcf in to_tsquery_byid (fcinfo=<optimized out>) at
to_tsany.c:372
#6 0x0000000000ee0cc6 in DirectFunctionCall2Coll (func=0xc8aac0
<to_tsquery_byid>, collation=1342381084, arg1=12126,
arg2=108095739809240) at fmgr.c:1049
#7 0x000000000093d2a9 in ExecMakeFunctionResultNoSets
(fcache=<optimized out>, econtext=0x6250002ee368, isNull=<optimized
out>, isDone=<optimized out>) at execQual.c:2041
#8 0x000000000093a89c in ExecTargetList (targetlist=0x6250002ef0e0,
tupdesc=<optimized out>, econtext=<optimized out>,
values=0x6250002eefb8, isnull=0x6250002eefd8 "\276~\276\276\276"...,
itemIsDone=0x6250002ef118, isDone=<optimized out>) at execQual.c:5376
#9 0x000000000093a5ab in ExecProject (projInfo=<optimized out>,
isDone=<optimized out>) at execQual.c:5600
***SNIP ***
--
Peter Geoghegan
