Thread: 1. PostgreSQL Server Subprocess Went down at function 'pg_detoast_datum_packed'

Description: PostgreSQL Server Subprocess Went down at function ‘pg_detoast_datum_packed’

PostgreSQL Server Version: PostgreSQL 15.2 on x86_64-pc-linux-gnu, compiled by Ubuntu clang version 12.0.1, 64-bit

Discoverer: Jingzhou Fu, Jie Liang and Zhiyong Wu in WingTecher Lab of Tsinghua University and Shuimuyulin ltd

Email address: fjz22@mails.tsinghua.edu.cn, wuzy21@mails.tsinghua.edu.cn, ljiee@mail.tsinghua.edu.cn

Way to Reproduce with Docker (write the poc content into file PoC.sql):

```bash
docker container rm some-postgres -f
docker run --name some-postgres -p 5432:5432 -e POSTGRES_PASSWORD=mysecretpassword -d postgres:15.2

sleep 5 # wait the server start …

docker exec -i some-postgres psql --user=postgres < PoC.sql

# Output:
#   server closed the connection unexpectedly
#          This probably means the server terminated abnormally
#          before or while processing the request.
#   connection to server was lost
```

PoC:

```sql
CREATE FUNCTION bt_name_heap(cstring)
   RETURNS committs_test
   AS 'textin'
   LANGUAGE internal STRICT IMMUTABLE;
CREATE FUNCTION random(committs_test)
   RETURNS cstring
   AS 'textout'
   LANGUAGE internal STRICT IMMUTABLE;
CREATE TYPE committs_test (
   internallength = 4,
   input = bt_name_heap,
   output = random,
   alignment = int4,
   default = 42,
   passedbyvalue
);
CREATE TABLE seqno (bt_txt_heap committs_test, bt_f8_heap committs_test);
INSERT INTO seqno DEFAULT VALUES;
CREATE TYPE committs_test (
   "Internallength" = 4,
   "Input" = bt_name_heap,
   "Output" = random,
   "Alignment" = int4,
   "Default" = 42,
   "Passedbyvalue"
);
CREATE TYPE bt_name_index AS (f1 committs_test, f2 committs_test);
CREATE FUNCTION get_default_test() RETURNS SETOF bt_name_index AS '
  SELECT * FROM seqno;
' LANGUAGE SQL;
SELECT * FROM get_default_test();
```

Backtrace:

```
#0 0x1cc7669 (pg_detoast_datum_packed+0x49)
#1 0x1bd15e9 (text_to_cstring+0x29)
#2 0x1bd5516 (textout+0x46)
#3 0x1cc01da (FunctionCall1Coll+0x3ca)
#4 0x1cc65ff (OutputFunctionCall+0x1f)
#5 0x59c7f6 (printtup+0x406)
#6 0xeb3bdf (ExecutePlan+0x31f)
#7 0xeb3780 (standard_ExecutorRun+0x550)
#8 0xeb3224 (ExecutorRun+0x64)
#9 0x16f6361 (PortalRunSelect+0x241)
#10 0x16f53bd (PortalRun+0x7ed)
#11 0x16e9694 (exec_simple_query+0xe04)
#12 0x16e7a63 (PostgresMain+0x1523)
#13 0x144c17b (BackendRun+0xbb)
#14 0x144ad85 (BackendStartup+0x525)
#15 0x14481e6 (ServerLoop+0x616)
#16 0x1443e0f (PostmasterMain+0x30cf)
#17 0x106ebf2 (main+0x5a2)
#18 0x7f110a910083 (__libc_start_main+0xf3)
#19 0x49fc0e (_start+0x2e)
```

<fjz22@mails.tsinghua.edu.cn> writes:
> Description: PostgreSQL Server Subprocess Went down at function
> 'pg_detoast_datum_packed'

I see no bug here.  If you are a superuser, and create incorrect
definitions of C-level functions, you can crash the server.
Even if we thought it was useful to try to prevent incorrect definitions,
doing so would almost certainly be an unsolvable problem.

Every one of the other "bugs" you just submitted appears to also
depend on superusers doing things they should know better than to do.
It's about in the same category as complaining that "sudo rm -rf /"
crashes your system.

            regards, tom lane
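
In the PoC above, `committs_test` is declared as a 4-byte pass-by-value type while its I/O routines are `textin`/`textout`, which operate on variable-length values; the backtrace shows `textout` trying to detoast that 4-byte value. The catalog audit below is an added example, not part of the thread: it lists such mismatches on an existing server. The OID cutoff 16384 (first OID assigned to user objects) and the comparison against the built-in type that natively uses the same internal symbol are assumptions of this heuristic, and extension-provided C functions will appear in the first result set.

```sql
-- Added audit example (not from the thread).

-- 1. Functions in LANGUAGE internal or C that were created after initdb.
--    Only superusers can create these, so each row is worth an owner review.
SELECT p.oid::regprocedure          AS function_signature,
       l.lanname                    AS language,
       p.prosrc                     AS c_symbol,
       p.prorettype::regtype        AS declared_result,
       pg_get_userbyid(p.proowner)  AS owner
FROM pg_proc p
JOIN pg_language l ON l.oid = p.prolang
WHERE p.oid >= 16384                      -- user-created objects only
  AND l.lanname IN ('internal', 'c')
ORDER BY 1;

-- 2. User-defined base types whose input function points at a built-in
--    internal symbol, but whose storage (typlen / typbyval) differs from the
--    built-in type that uses the same symbol. The PoC's committs_test
--    (typlen 4, by value, symbol textin) is reported against text
--    (typlen -1, by reference).
SELECT t.oid::regtype   AS user_type,
       t.typlen         AS user_typlen,
       t.typbyval       AS user_byval,
       fin.prosrc       AS internal_input_symbol,
       bt.oid::regtype  AS builtin_type,
       bt.typlen        AS builtin_typlen,
       bt.typbyval      AS builtin_byval
FROM pg_type t
JOIN pg_proc fin    ON fin.oid = t.typinput
JOIN pg_language l  ON l.oid = fin.prolang AND l.lanname = 'internal'
JOIN pg_proc bfin   ON bfin.prosrc  = fin.prosrc
                   AND bfin.prolang = fin.prolang
                   AND bfin.oid < 16384        -- the built-in owner of the symbol
JOIN pg_type bt     ON bt.typinput = bfin.oid AND bt.oid < 16384
WHERE t.oid >= 16384
  AND t.typtype = 'b'                          -- base types only
  AND t.typisdefined                           -- skip shell types
  AND (t.typlen <> bt.typlen OR t.typbyval <> bt.typbyval)
ORDER BY 1;
```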