Thread: [BUGS] BUG #14472: Backend crashes on array append for domains of array with constraint check
[BUGS] BUG #14472: Backend crashes on array append for domains of array with constraint check
From
marcos.castedo@anachronics.com
Date:
The following bug has been logged on the website: Bug reference: 14472 Logged by: Marcos Castedo Email address: marcos.castedo@anachronics.com PostgreSQL version: 9.6.1 Operating system: Debian stretch Description: We have an issue related with bug #14414 reported on PostgreSQL 9.6.1. Test case: BEGIN; CREATE OR REPLACE FUNCTION x_domain_test_check(integer[]) RETURNS boolean AS $$ BEGIN RETURN true; END; $$ LANGUAGE plpgsql IMMUTABLE; CREATE DOMAIN x_domain_test AS integer[] CHECK(x_domain_test_check(value)); DO $$ DECLARE v_test x_domain_test; BEGIN v_test := '{}'::x_domain_test; v_test := v_test || 1; --SEGV on 9.6.1 with #14414 fixed END; $$; ROLLBACK; With 9.6.1 vanilla the test case fails with SPI_connect error (SPI_ERROR_CONNECT), but with the following patch applied (taken from #14414's fix on github) the backend crashes with "Segmentation fault". --- postgresql-9.6.1/src/pl/plpgsql/src/pl_exec.c 2016-10-24 17:08:51.000000000 -0300 +++ postgresql-9.6.1-1/src/pl/plpgsql/src/pl_exec.c 2016-12-21 12:38:39.176980654 -0300 @@ -6102,6 +6102,8 @@ exec_cast_value(PLpgSQL_execstate *estat ExprContext *econtext = estate->eval_econtext; MemoryContext oldcontext; + SPI_push(); + oldcontext = MemoryContextSwitchTo(econtext->ecxt_per_tuple_memory); econtext->caseValue_datum = value; @@ -6115,6 +6117,8 @@ exec_cast_value(PLpgSQL_execstate *estat cast_entry->cast_in_use = false; MemoryContextSwitchTo(oldcontext); + + SPI_pop(); } } -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
Re: [BUGS] BUG #14472: Backend crashes on array append for domains of array with constraint check
From
Tom Lane
Date:
marcos.castedo@anachronics.com writes: > We have an issue related with bug #14414 reported on PostgreSQL 9.6.1. [ pokes at that ... ] Hm, I bet it would have failed before the #14414 patch too, though perhaps with different symptoms. The x_domain_test_check function is receiving a read/write pointer to the array, so it thinks it can modify or delete the array value in-place. Will fix, thanks for the report! regards, tom lane -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs