BUG #18497: Heap-use-after-free in plpgsql
From | PG Bug reporting form |
---|---|
Subject | BUG #18497: Heap-use-after-free in plpgsql |
Date | |
Msg-id | 18497-fe93b6da82ce31d4@postgresql.org |
Replies | Re: BUG #18497: Heap-use-after-free in plpgsql |
List | pgsql-bugs |
The following bug has been logged on the website:

Bug reference: 18497
Logged by: Nikita Kalinin
Email address: n.kalinin@postgrespro.ru
PostgreSQL version: 16.3
Operating system: ubuntu 22.04

Description:

When building postgresql on the REL_16_STABLE tag with ASAN, assertion error:

#0 0x00007f491f4419fc in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007f491f4419fc in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007f491f3ed476 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007f491f3d37f3 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00005557ce0b3c22 in __sanitizer::Abort() ()
#4 0x00005557ce0bf7dc in __sanitizer::Die() ()
#5 0x00005557ce09ec8c in __asan::ScopedInErrorReport::~ScopedInErrorReport() ()
#6 0x00005557ce09e525 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) ()
#7 0x00005557ce09f24b in __asan_report_load4 ()
#8 0x00005557ce841147 in expr_setup_walker (node=node@entry=0x61900002e4b8, info=info@entry=0x7ffec42a0170) at execExpr.c:2757
#9 0x00005557ce84337d in ExecCreateExprSetupSteps (state=state@entry=0x625000070d08, node=node@entry=0x61900002e4b8) at execExpr.c:2659
#10 0x00005557ce8515e7 in ExecInitExprWithParams (node=0x61900002e4b8, ext_params=ext_params@entry=0x625000075a18) at execExpr.c:180
#11 0x00007f49111a0a85 in exec_eval_simple_expr (estate=estate@entry=0x7ffec42a0790, expr=expr@entry=0x62500005aa98, result=result@entry=0x7ffec42a0340, isNull=isNull@entry=0x7ffec42a03d0, rettype=rettype@entry=0x7ffec42a03e0, rettypmod=rettypmod@entry=0x7ffec42a03f0) at pl_exec.c:6178
#12 0x00007f49111a3788 in exec_eval_expr (estate=estate@entry=0x7ffec42a0790, expr=expr@entry=0x62500005aa98, isNull=isNull@entry=0x7ffec42a03d0, rettype=rettype@entry=0x7ffec42a03e0, rettypmod=rettypmod@entry=0x7ffec42a03f0) at pl_exec.c:5702
#13 0x00007f49111afb18 in exec_assign_expr (estate=<optimized out>, target=0x625000075ad0, expr=0x62500005aa98) at pl_exec.c:5034
#14 0x00007f49111aff36 in exec_stmt_assign (estate=estate@entry=0x7ffec42a0790, stmt=stmt@entry=0x62500005bf30) at pl_exec.c:2155
#15 0x00007f49111b365c in exec_stmts (estate=estate@entry=0x7ffec42a0790, stmts=0x62500005bf78) at pl_exec.c:2019
#16 0x00007f49111b5242 in exec_stmt_block (estate=estate@entry=0x7ffec42a0790, block=block@entry=0x62500005bfc8) at pl_exec.c:1942
#17 0x00007f49111b54cc in exec_toplevel_block (estate=estate@entry=0x7ffec42a0790, block=0x62500005bfc8) at pl_exec.c:1633
#18 0x00007f49111b6234 in plpgsql_exec_function (func=func@entry=0x629000024ad0, fcinfo=fcinfo@entry=0x625000058100, simple_eval_estate=simple_eval_estate@entry=0x0, simple_eval_resowner=simple_eval_resowner@entry=0x0, procedure_resowner=procedure_resowner@entry=0x0, atomic=<optimized out>) at pl_exec.c:622
#19 0x00007f49111dfa3f in plpgsql_call_handler (fcinfo=<optimized out>) at pl_handler.c:277
#20 0x00005557ce874901 in ExecInterpExpr (state=0x625000058028, econtext=0x625000057d50, isnull=0x7ffec42a0bd0) at execExprInterp.c:734
#21 0x00005557ce8614df in ExecInterpExprStillValid (state=0x625000058028, econtext=0x625000057d50, isNull=0x7ffec42a0bd0) at execExprInterp.c:1870
#22 0x00005557ce98f19b in ExecEvalExprSwitchContext (isNull=0x7ffec42a0bd0, econtext=0x625000057d50, state=0x625000058028) at ../../../src/include/executor/executor.h:355
#23 ExecProject (projInfo=0x625000058020) at ../../../src/include/executor/executor.h:389
#24 ExecResult (pstate=<optimized out>) at nodeResult.c:136
#25 0x00005557ce8b104f in ExecProcNodeFirst (node=0x625000057c40) at execProcnode.c:464
#26 0x00005557ce88f146 in ExecProcNode (node=0x625000057c40) at ../../../src/include/executor/executor.h:273
#27 ExecutePlan (estate=estate@entry=0x625000057a18, planstate=0x625000057c40, use_parallel_mode=<optimized out>, use_parallel_mode@entry=false, operation=operation@entry=CMD_SELECT, sendTuples=true, numberTuples=numberTuples@entry=0, direction=ForwardScanDirection, dest=0x625000085098, execute_once=true) at execMain.c:1670
#28 0x00005557ce88f747 in standard_ExecutorRun (queryDesc=0x619000001a98, direction=ForwardScanDirection, count=0, execute_once=execute_once@entry=true) at execMain.c:365
#29 0x00005557ce88f9ab in ExecutorRun (queryDesc=queryDesc@entry=0x619000001a98, direction=direction@entry=ForwardScanDirection, count=count@entry=0, execute_once=execute_once@entry=true) at execMain.c:309
#30 0x00005557cf025d95 in PortalRunSelect (portal=portal@entry=0x625000025a18, forward=forward@entry=true, count=0, count@entry=9223372036854775807, dest=dest@entry=0x625000085098) at pquery.c:924
#31 0x00005557cf02c02c in PortalRun (portal=portal@entry=0x625000025a18, count=count@entry=9223372036854775807, isTopLevel=isTopLevel@entry=true, run_once=run_once@entry=true, dest=dest@entry=0x625000085098, altdest=altdest@entry=0x625000085098, qc=<optimized out>) at pquery.c:768
#32 0x00005557cf01fd70 in exec_simple_query (query_string=query_string@entry=0x625000005218 "select f1();") at postgres.c:1274
#33 0x00005557cf024b87 in PostgresMain (dbname=dbname@entry=0x6250000020c8 "contrib_regression", username=username@entry=0x6250000020f8 "test") at postgres.c:4637
#34 0x00005557cedc385d in BackendRun (port=port@entry=0x614000001840) at postmaster.c:4464
#35 0x00005557cedcbfe6 in BackendStartup (port=port@entry=0x614000001840) at postmaster.c:4192
#36 0x00005557cedcc5e3 in ServerLoop () at postmaster.c:1782
#37 0x00005557cedcec0e in PostmasterMain (argc=argc@entry=3, argv=argv@entry=0x6030000002e0) at postmaster.c:1466
#38 0x00005557cea1f054 in main (argc=3, argv=0x6030000002e0) at main.c:198

How to reproduce:

Build postgresql with the following parameters:

export ASAN_OPTIONS=detect_leaks=0:abort_on_error=1:disable_coredump=0:strict_string_checks=1:check_initialization_order=1:strict_init_order=1
CPPFLAGS="-Og -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -fno-sanitize=nonnull-attribute -fstack-protector" LDFLAGS='-fsanitize=address -fsanitize=undefined -static-libasan' ./configure --enable-tap-tests --enable-debug --enable-cassert >/dev/null && make -j4 -s && make -j4 -s -C contrib && make check

Two sql files are required:

cat 1.sql
create table t1(a int, b int);
select pg_sleep(1);

cat 2.sql
select pg_sleep(1);
create function g1(out a int, out b int) as $$ select 10,20; $$ language sql;
create function f1() returns void as $$
declare r record;
begin
  r := g1();
end;
$$ language plpgsql;
select f1();
drop function g1();
create function g1(out a int, out b int) returns setof record as $$ select * from t1; $$ language sql;
select f1();
select f1();

Playback script:

( psql -f 1.sql &> 1.log ) &
( psql -f 2.sql &> 2.log ) &
wait
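As an added triage aid (not part of the report above and not PostgreSQL code), the script below parses gdb frames of the form shown in the backtrace, skips the sanitizer and abort frames, and derives what a first pass on such a report needs: the access kind and width that ASAN encodes in the `__asan_report_*` frame name, the faulting program frame, the first frame in a given source file (here the plpgsql file pl_exec.c), and a file:line signature usable for deduplicating crash reports. The sample input is copied from the report with several frames and the long argument lists trimmed, and is labelled as such in the code. One caveat: a gdb stack taken at the abort shows only the bad access; the stacks of the free and the original allocation are in ASAN's own report, which the message does not include.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: frames from the gdb backtrace in the report above, with
# frames 4-5, 13-22 and 24-38 dropped and the argument lists of 11-12 trimmed.
BACKTRACE = """\
#0 0x00007f491f4419fc in pthread_kill () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007f491f3ed476 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007f491f3d37f3 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00005557ce0b3c22 in __sanitizer::Abort() ()
#6 0x00005557ce09e525 in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) ()
#7 0x00005557ce09f24b in __asan_report_load4 ()
#8 0x00005557ce841147 in expr_setup_walker (node=node@entry=0x61900002e4b8, info=info@entry=0x7ffec42a0170) at execExpr.c:2757
#9 0x00005557ce84337d in ExecCreateExprSetupSteps (state=state@entry=0x625000070d08, node=node@entry=0x61900002e4b8) at execExpr.c:2659
#10 0x00005557ce8515e7 in ExecInitExprWithParams (node=0x61900002e4b8, ext_params=ext_params@entry=0x625000075a18) at execExpr.c:180
#11 0x00007f49111a0a85 in exec_eval_simple_expr (estate=estate@entry=0x7ffec42a0790, expr=expr@entry=0x62500005aa98) at pl_exec.c:6178
#12 0x00007f49111a3788 in exec_eval_expr (estate=estate@entry=0x7ffec42a0790, expr=expr@entry=0x62500005aa98) at pl_exec.c:5702
#23 ExecProject (projInfo=0x625000058020) at ../../../src/include/executor/executor.h:389
"""

# One gdb frame: "#N [0xADDR in ]func (args)[ at file:line | from module]".
# Inlined frames (#23 above) carry no address, so that part is optional.
FRAME_RE = re.compile(
    r"^#(\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(.+?)\s+\((.*)\)"
    r"(?:\s+at\s+(\S+):(\d+)|\s+from\s+(\S+))?\s*$"
)

# Sanitizer runtime and abort-path frames: not the program under test.
NOISE_RE = re.compile(
    r"^(__sanitizer::|__asan|__ubsan|__interceptor_|pthread_kill$|raise$|abort$)"
)

# ASAN's reporting entry points name the access kind and width:
# __asan_report_load4 = 4-byte read, __asan_report_store8 = 8-byte write,
# __asan_report_load_n = variable width.
ASAN_REPORT_RE = re.compile(r"^__asan_report_(load|store)(\d+|_n)$")


@dataclass
class Frame:
    num: int
    func: str
    file: Optional[str]
    line: Optional[int]
    module: Optional[str]


def parse_backtrace(text: str) -> List[Frame]:
    """Parse gdb 'bt' output into Frame records, ignoring non-frame lines."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m:
            continue
        num, func, _args, file, line, module = m.groups()
        frames.append(Frame(int(num), func, file, int(line) if line else None, module))
    return frames


def faulting_frame(frames: List[Frame]) -> Optional[Frame]:
    """First frame outside the sanitizer/abort machinery: where the bad access was made."""
    for f in frames:
        if not NOISE_RE.match(f.func):
            return f
    return None


def asan_access(frames: List[Frame]) -> Optional[Tuple[str, Optional[int]]]:
    """(kind, width) of the reported access, read from the __asan_report_* frame."""
    for f in frames:
        m = ASAN_REPORT_RE.match(f.func)
        if m:
            width = None if m.group(2) == "_n" else int(m.group(2))
            return (m.group(1), width)
    return None


def crash_signature(frames: List[Frame], depth: int = 3) -> str:
    """Dedup key: the top `depth` program frames as func@file:line."""
    app = [f for f in frames if not NOISE_RE.match(f.func)]
    parts = [f"{f.func}@{f.file}:{f.line}" if f.file else f.func for f in app[:depth]]
    return "|".join(parts)


def first_frame_in_file(frames: List[Frame], basename: str) -> Optional[Frame]:
    """First frame whose source file has this basename, e.g. the first plpgsql frame."""
    for f in frames:
        if f.file and f.file.rsplit("/", 1)[-1] == basename:
            return f
    return None


if __name__ == "__main__":
    frames = parse_backtrace(BACKTRACE)
    print(asan_access(frames), faulting_frame(frames), crash_signature(frames), sep="\n")
```

On the report's own stack this yields a 4-byte read in expr_setup_walker at execExpr.c:2757, entered from exec_eval_simple_expr at pl_exec.c:6178, which is what the subject line "Heap-use-after-free in plpgsql" summarizes; the signature string is what a fuzzing or CI pipeline would key on to avoid filing the same crash twice.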