Re: Pg17 Crash in Planning (Arrays + Casting + UDF)

Paul Ramsey <pramsey@cleverelephant.ca> writes:
> This extremely odd case [2] came in via a report using a lot of PostGIS functions, but it can be reconfigured into a
pure-PostgreSQLcrasher [1]. 

Thanks for the report!  Looks like estimate_array_length() is
incautiously assuming that the "root" pointer it receives will
never be NULL.

The overall code path here is eval_const_expressions ->
simplify_function -> cost_qual_eval -> estimate_array_length,
and the proximate cause of root being NULL is that
simplify_function/inline_function don't take a root pointer,
so they pass NULL root to cost_qual_eval.

We could change their signatures ... but it's explicitly documented
that eval_const_expressions allows NULL for root, so there would
presumably still be code paths that'd fail.  It looks like the only
safe fix is to ensure that estimate_array_length will cope with NULL
for root.

            regards, tom lane