BUG #17300: Server crashes on deserializing text multirange

From: PG Bug reporting form <noreply(at)postgresql(dot)org>
To: pgsql-bugs(at)lists(dot)postgresql(dot)org
Cc: exclusion(at)gmail(dot)com
Subject: BUG #17300: Server crashes on deserializing text multirange
Date: 2021-11-27 18:00:01
Message-ID: 17300-dced2d01ddeb1f2f@postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

The following bug has been logged on the website:

Bug reference: 17300
Logged by: Alexander Lakhin
Email address: exclusion(at)gmail(dot)com
PostgreSQL version: 14.1
Operating system: Ubuntu 20.04
Description:

The following query:
select ('[\"\\\\\",\"\\\\' || repeat('a', 200) ||
'\"]')::textrange::textmultirange

leads to the server crash with the following stacktrace:
Core was generated by `postgres: law regression [local] SELECT
'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __memmove_avx_unaligned_erms () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:440
440 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such
file or directory.
(gdb) bt
#0 __memmove_avx_unaligned_erms () at
../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:440
#1 0x000055d4175fb385 in multirange_get_range (rangetyp=0x55d4195096c0,
multirange=0x55d419513fc8, i=0)
at multirangetypes.c:723
#2 0x000055d4175fba26 in multirange_deserialize (rangetyp=0x55d4195096c0,
multirange=0x55d419513fc8,
range_count=0x7ffec30cb3bc, ranges=0x7ffec30cb3c8) at
multirangetypes.c:830
#3 0x000055d4175fa03c in multirange_out (fcinfo=0x7ffec30cb450) at
multirangetypes.c:311
#4 0x000055d4176fb1de in FunctionCall1Coll (flinfo=0x55d419512a20,
collation=0, arg1=94369446182856) at fmgr.c:1138
#5 0x000055d4176fc79c in OutputFunctionCall (flinfo=0x55d419512a20,
val=94369446182856) at fmgr.c:1575
#6 0x000055d416fd2bff in printtup (slot=0x55d419511978,
self=0x55d41951ff18) at printtup.c:357
#7 0x000055d4172b8ac9 in ExecutePlan (estate=0x55d419511420,
planstate=0x55d419511658, use_parallel_mode=false,
operation=CMD_SELECT, sendTuples=true, numberTuples=0,
direction=ForwardScanDirection, dest=0x55d41951ff18,
execute_once=true) at execMain.c:1582
#8 0x000055d4172b6578 in standard_ExecutorRun (queryDesc=0x55d4194677d0,
direction=ForwardScanDirection, count=0,
execute_once=true) at execMain.c:361
#9 0x000055d4172b6363 in ExecutorRun (queryDesc=0x55d4194677d0,
direction=ForwardScanDirection, count=0,
execute_once=true) at execMain.c:305
#10 0x000055d417533510 in PortalRunSelect (portal=0x55d4194a9110,
forward=true, count=0, dest=0x55d41951ff18)
at pquery.c:921
#11 0x000055d417533134 in PortalRun (portal=0x55d4194a9110,
count=9223372036854775807, isTopLevel=true, run_once=true,
dest=0x55d41951ff18, altdest=0x55d41951ff18, qc=0x7ffec30cb870) at
pquery.c:765
#12 0x000055d41752c01e in exec_simple_query (
query_string=0x55d4194453b0 "select ('[\\\"\\\\\\\\\\\",\\\"\\\\\\\\' ||
repeat('a', 200) || '\\\"]')::textrange::textmultirange;") at
postgres.c:1214
#13 0x000055d417530f0d in PostgresMain (argc=1, argv=0x7ffec30cba90,
dbname=0x55d419470ff8 "regression",
username=0x55d419470fd8 "law") at postgres.c:4486
#14 0x000055d41745579c in BackendRun (port=0x55d419469f10) at
postmaster.c:4530
#15 0x000055d417454ff7 in BackendStartup (port=0x55d419469f10) at
postmaster.c:4252
#16 0x000055d417450dec in ServerLoop () at postmaster.c:1745
#17 0x000055d417450549 in PostmasterMain (argc=8, argv=0x55d41943f620) at
postmaster.c:1417
#18 0x000055d41733fd34 in main (argc=8, argv=0x55d41943f620) at main.c:209

The query without casting to the multirange type:
select ('[\"\\\\\",\"\\\\' || repeat('a', 200) || '\"]')::textrange
doesn't fail.

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message PG Bug reporting form 2021-11-27 18:14:01 BUG #17301: SELECT gets weird result while two transactions are submitted concurrently
Previous Message Juan José Santamaría Flecha 2021-11-26 12:37:49 Re: BUG #17288: PSQL bug with COPY command (Windows)