Segfault when using function and custom-type

Поиск
Список
Период
Сортировка
От Robins Tharakan
Тема Segfault when using function and custom-type
Дата
Msg-id CAEP4nAwKtUUYNXB=UJEVN02trNYaLUBvo7w4E97pSLQRynRNsg@mail.gmail.com
обсуждение исходный текст
Ответы Re: Segfault when using function and custom-type  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-bugs
Дерево обсуждения 
Hi,

The following SQL causes a Segfault on multiple branches.

It uses a custom-type / function definitions from the script
/src/test/regress/sql/create_type.sql and although I see that the
documentation mentions that custom types have a sharp-edge, reporting
it nonetheless to see if we could avoid a crash.


Sample SQL - Tested on 7fed801135
==========
$ psql postgres
psql (15beta1, server 16devel)
postgres=# BEGIN;
BEGIN
postgres=*# CREATE TYPE base_type;
CREATE TYPE
postgres=*# CREATE FUNCTION base_fn_in(cstring) RETURNS base_type AS 'boolin'
postgres-*#     LANGUAGE internal IMMUTABLE STRICT;
NOTICE:  return type base_type is only a shell
CREATE FUNCTION
postgres=*# CREATE FUNCTION base_fn_out(base_type) RETURNS cstring AS 'boolout'
postgres-*#     LANGUAGE internal IMMUTABLE STRICT;
NOTICE:  argument type base_type is only a shell
CREATE FUNCTION
postgres=*# CREATE TYPE base_type(INPUT = base_fn_in, OUTPUT = base_fn_out);
CREATE TYPE
postgres=*# select base_fn_out('t');
server closed the connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.
The connection to the server was lost. Attempting reset: Succeeded.



Backtrace
=========
Program received signal SIGSEGV, Segmentation fault.
0x00005605e21a9b75 in pg_detoast_datum (datum=0x1) at fmgr.c:1710
1710            if (VARATT_IS_EXTENDED(datum))
(gdb) bt full
#0  0x00005605e21a9b75 in pg_detoast_datum (datum=0x1) at fmgr.c:1710
No locals.
#1  0x00005605e1c1cebc in coerce_type (pstate=0x5605e39cecb8,
node=0x5605e39ceed8, inputTypeId=705, targetTypeId=81920,
targetTypeMod=-1, ccontext=COERCION_IMPLICIT,
    cformat=COERCE_IMPLICIT_CAST, location=-1) at parse_coerce.c:326
        newcon = 0x5605e39cf4a8
        baseTypeId = 81920
        baseTypeMod = -1
        inputTypeMod = -1
        pcbstate = {pstate = 0x5605e39cecb8, location = 19,
errcallback = {previous = 0x0, callback = 0x5605e1c39fed
<pcb_error_callback>, arg = 0x7ffe72774730}}
        con = 0x5605e39ceed8
        baseType = 0x7f556368c110
        result = 0x5605e39ce9b0
        pathtype = COERCION_PATH_NONE
        funcId = 4294967295
        __func__ = "coerce_type"
#2  0x00005605e1c357e9 in make_fn_arguments (pstate=0x5605e39cecb8,
fargs=0x5605e39cef28, actual_arg_types=0x7ffe72774970,
declared_arg_types=0x5605e39cef80) at parse_func.c:1861
        node = 0x5605e39ceed8
        current_fargs__state = {l = 0x5605e39cef28, i = 0}
        current_fargs = 0x5605e39cef40
        i = 0
#3  0x00005605e1c3341d in ParseFuncOrColumn (pstate=0x5605e39cecb8,
funcname=0x5605e39ce9b0, fargs=0x5605e39cef28, last_srf=0x0,
fn=0x5605e39cea58, proc_call=false, location=7)
    at parse_func.c:676
        is_column = false
        agg_order = 0x0
        agg_filter = 0x0
        over = 0x0
        agg_within_group = false
        agg_star = false
        agg_distinct = false
        func_variadic = false
        funcformat = COERCE_EXPLICIT_CALL
        could_be_projection = false
        rettype = 2275
        funcid = 81922
        l = 0x0
        first_arg = 0x5605e39ceed8
        nargs = 1
        nargsplusdefs = 1
        actual_arg_types = {705, 0, 0, 0, 256, 0, 629600000,
1008947352, 1, 5, 3793899680, 22021, 1920420384, 32766, 3793629783,
22021, 1296236545, 0, 3818712856, 22021, 16, 0, 0, 0, 0, 0,
          0, 0, 1296236544, 0, 3818712904, 22021, 0, 0, 0, 0, 0, 0, 0,
0, 1296236544, 0, 3818712856, 22021, 8, 0, 0, 0, 0, 0, 0, 0,
4294967294, 0, 629600000, 1008947352, 3818712792, 22021,
          3793899680, 22021, 1920420576, 32766, 3793631297, 22021, 0,
0, 32, 0, 3818711544, 22021, 0, 0, 3818708624, 22021, 3818712872,
22021, 4869, 0, 3818708624, 22021, 3818712872,
          22021, 32, 0, 0, 0, 0, 0, 1585, 0, 629600000, 1008947352,
1920420624, 32766, 3789484038, 22021, 1920420656, 32766, 1, 1}
        declared_arg_types = 0x5605e39cef80
        argnames = 0x0
        argdefaults = 0x0
        retval = 0x0
        retset = false
        nvargs = 0
        vatype = 0
        fdresult = FUNCDETAIL_NORMAL
        aggkind = 0 '\000'
        pcbstate = {pstate = 0x5605e39cecb8, location = 7, errcallback
= {previous = 0x0, callback = 0x5605e1c39fed <pcb_error_callback>, arg
= 0x7ffe72774940}}
        __func__ = "ParseFuncOrColumn"


To add, base_fn_in() also exhibits similar behaviour for both 't' and 'f'
as arguments. This was tested on REL_12_STABLE / REL_15_STABLE and master.
Thanks to SQLSmith / SQLReduce for the find.

-
Robins Tharakan
Amazon Web Services

В списке pgsql-bugs по дате отправления:

Предыдущее
От: hubert depesz lubaczewski
Дата:
Сообщение: Re: pg_restore deadlocks with itself
Следующее
От: Tom Lane
Дата:
Сообщение: Re: Segfault when using function and custom-type