"Jonathan S. Katz" <jkatz@postgresql.org> writes:
> Confirmed reproducing the crash and that this fixes it. I did a short
> double-take on the error message:
> ERROR: subquery must return only one column
> but it is accurate, given this is what the subquery must do, and zero !=
> one.
Yeah, that's just an artifact of the strange test case.
A more straightforward usage might look like
create table nocols();
select * from nocols n, lateral (values(n.*)) v;
Anyway, this is not a security issue per our normal standards.
It is a crash due to SIGSEGV, but I don't see any likelihood
that it could be exploited for memory disclosure or arbitrary
code execution, so the effects are limited to momentary denial
of service. There are lots of ways to produce DOS if you have
the ability to issue arbitrary SQL, so we generally don't
consider that a security issue unless there's the possibility
of doing more than just crashing one session. Having said that,
a crash is unpleasant, so I'm going to take the small risk of
pushing this not-very-well-vetted patch into today's releases.
BTW, if this *had* been a security issue, we'd much rather you'd
have reported it to security@postgresql.org. The bugs list is
an open channel.
regards, tom lane