Quick Links

BUG #17561: Server crashes on executing row() with very long argument list

From:	PG Bug reporting form <noreply(at)postgresql(dot)org>
To:	pgsql-bugs(at)lists(dot)postgresql(dot)org
Cc:	kyzevan23(at)mail(dot)ru
Subject:	BUG #17561: Server crashes on executing row() with very long argument list
Date:	2022-07-29 09:14:12
Message-ID:	17561-80350151b9ad2ad4@postgresql.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

The following bug has been logged on the website:

Bug reference: 17561
Logged by: Egor Chindyaskin
Email address: kyzevan23(at)mail(dot)ru
PostgreSQL version: 14.4
Operating system: Ubuntu 22.04
Description:

When executing the following query:
(echo "SELECT row("; for ((i=1;i<100001;i++)); do echo "'$i',$i,"; done;
echo "'0',0);"; ) | psql
I got server crash with the following backtrace

Core was generated by `postgres: egorchin egorchin [local] SELECT
'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill_implementation (no_tid=0, signo=6,
threadid=139924478532480) at ./nptl/pthread_kill.c:44
44 ./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6,
threadid=139924478532480) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=139924478532480) at
./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=139924478532480, signo=signo(at)entry=6) at
./nptl/pthread_kill.c:89
#3 0x00007f42b4dad476 in __GI_raise (sig=sig(at)entry=6) at
../sysdeps/posix/raise.c:26
#4 0x00007f42b4d937f3 in __GI_abort () at ./stdlib/abort.c:79
#5 0x0000557e1694f850 in ExceptionalCondition
(conditionName=conditionName(at)entry=0x557e169b2e62 "attributeNumber >= 1",
errorType=errorType(at)entry=0x557e169b0e7f "BadArgument",
fileName=fileName(at)entry=0x557e169b2d7c "tupdesc.c",
lineNumber=lineNumber(at)entry=598) at assert.c:69
#6 0x0000557e1642790a in TupleDescInitEntry
(desc=desc(at)entry=0x7f42a4c8b050,
attributeNumber=attributeNumber(at)entry=-32768,
attributeName=attributeName(at)entry=0x0, oidtypeid=23, typmod=typmod(at)entry=-1,
attdim=attdim(at)entry=0)
at tupdesc.c:598
#7 0x0000557e1664c509 in ExecTypeFromExprList (exprList=0x7f42a7830cf0) at
execTuples.c:2009
#8 0x0000557e1662e8ad in ExecInitExprRec (node=node(at)entry=0x7f42a7830c40,
state=state(at)entry=0x557e17ab7dc8, resv=resv(at)entry=0x557e17ab7dd0,
resnull=resnull(at)entry=0x557e17ab7dcd) at execExpr.c:1915
#9 0x0000557e1662cd36 in ExecInitExprInternal
(node=node(at)entry=0x7f42a7830c40, parent=parent(at)entry=0x0,
ext_params=ext_params(at)entry=0x0, caseval=caseval(at)entry=0x0,
casenull=casenull(at)entry=0x0) at execExpr.c:114
#10 0x0000557e1662cda0 in ExecInitExpr (node=node(at)entry=0x7f42a7830c40,
parent=parent(at)entry=0x0) at execExpr.c:162
#11 0x0000557e1672b2aa in evaluate_expr (expr=expr(at)entry=0x7f42a7830c40,
result_type=2249, result_typmod=result_typmod(at)entry=-1,
result_collation=result_collation(at)entry=0) at clauses.c:4890
#12 0x0000557e1672c45f in eval_const_expressions_mutator
(node=0x7f42a7830c40, context=<optimized out>) at clauses.c:3152
#13 0x0000557e166b9717 in expression_tree_mutator (node=0x7f42a7830588,
mutator=mutator(at)entry=0x557e1672b4f8 <eval_const_expressions_mutator>,
context=context(at)entry=0x7ffe21d656a0) at nodeFuncs.c:3343
#14 0x0000557e1672dab9 in simplify_function (funcid=3155, result_type=114,
result_typmod=-1, result_collid=result_collid(at)entry=0,
input_collid=input_collid(at)entry=0, args_p=args_p(at)entry=0x7ffe21d654a0,
funcvariadic=false,
process_args=true, allow_non_const=true, context=0x7ffe21d656a0) at
clauses.c:3976
#15 0x0000557e1672b77a in eval_const_expressions_mutator
(node=0x7f42a7830948, context=0x7ffe21d656a0) at clauses.c:2481
#16 0x0000557e166b94cd in expression_tree_mutator
(node=node(at)entry=0x7f42a78309a0, mutator=mutator(at)entry=0x557e1672b4f8
<eval_const_expressions_mutator>, context=context(at)entry=0x7ffe21d656a0) at
nodeFuncs.c:3258
#17 0x0000557e1672cbcd in eval_const_expressions_mutator
(node=0x7f42a78309a0, context=0x7ffe21d656a0) at clauses.c:3604
#18 0x0000557e166b9717 in expression_tree_mutator
(node=node(at)entry=0x7f42a78309f8, mutator=mutator(at)entry=0x557e1672b4f8
<eval_const_expressions_mutator>, context=context(at)entry=0x7ffe21d656a0) at
nodeFuncs.c:3343
#19 0x0000557e1672cbcd in eval_const_expressions_mutator
(node=0x7f42a78309f8, context=context(at)entry=0x7ffe21d656a0) at
clauses.c:3604
#20 0x0000557e1672cdaa in eval_const_expressions
(root=root(at)entry=0x557e179ce3f8, node=<optimized out>) at clauses.c:2162
#21 0x0000557e1670b211 in preprocess_expression
(root=root(at)entry=0x557e179ce3f8, expr=<optimized out>, kind=kind(at)entry=1) at
planner.c:1124
#22 0x0000557e167140a2 in subquery_planner (glob=glob(at)entry=0x557e179cec50,
parse=parse(at)entry=0x7f42a9fb2838, parent_root=parent_root(at)entry=0x0,
hasRecursion=hasRecursion(at)entry=false,
tuple_fraction=tuple_fraction(at)entry=0)
at planner.c:792
#23 0x0000557e16714da6 in standard_planner (parse=0x7f42a9fb2838,
query_string=<optimized out>, cursorOptions=2048, boundParams=<optimized
out>) at planner.c:406
#24 0x0000557e1671535b in planner (parse=parse(at)entry=0x7f42a9fb2838,
query_string=query_string(at)entry=0x7f42aace4050 "SELECT
row_to_json(row(\n'1',1,\n'2',2,\n'3',3,\n'4',4,\n'5',5,\n'6',6,\n'7',7,\n'8',8,\n'9',9,\n'10',10,\n'11',11,\n'12',12,\n'13',13,\n'14',14,\n'15',15,\n'16',16,\n'17',17,\n'18',18,\n'19',19,\n'20',20,\n'21',21,\n'22',"...,
cursorOptions=cursorOptions(at)entry=2048, boundParams=boundParams(at)entry=0x0)
at planner.c:277
#25 0x0000557e16804c20 in pg_plan_query
(querytree=querytree(at)entry=0x7f42a9fb2838,
query_string=query_string(at)entry=0x7f42aace4050 "SELECT
row_to_json(row(\n'1',1,\n'2',2,\n'3',3,\n'4',4,\n'5',5,\n'6',6,\n'7',7,\n'8',8,\n'9',9,\n'10',10,\n'11',11,\n'12',12,\n'13',13,\n'14',14,\n'15',15,\n'16',16,\n'17',17,\n'18',18,\n'19',19,\n'20',20,\n'21',21,\n'22',"...,
cursorOptions=cursorOptions(at)entry=2048, boundParams=boundParams(at)entry=0x0)
at postgres.c:883
#26 0x0000557e16804cdd in pg_plan_queries (querytrees=0x7f42a7830aa8,
query_string=query_string(at)entry=0x7f42aace4050 "SELECT
row_to_json(row(\n'1',1,\n'2',2,\n'3',3,\n'4',4,\n'5',5,\n'6',6,\n'7',7,\n'8',8,\n'9',9,\n'10',10,\n'11',11,\n'12',12,\n'13',13,\n'14',14,\n'15',15,\n'16',16,\n'17',17,\n'18',18,\n'19',19,\n'20',20,\n'21',21,\n'22',"...,
cursorOptions=cursorOptions(at)entry=2048, boundParams=boundParams(at)entry=0x0)
at postgres.c:975
#27 0x0000557e168051c1 in exec_simple_query (
query_string=query_string(at)entry=0x7f42aace4050 "SELECT
row_to_json(row(\n'1',1,\n'2',2,\n'3',3,\n'4',4,\n'5',5,\n'6',6,\n'7',7,\n'8',8,\n'9',9,\n'10',10,\n'11',11,\n'12',12,\n'13',13,\n'14',14,\n'15',15,\n'16',16,\n'17',17,\n'18',18,\n'19',19,\n'20',20,\n'21',21,\n'22',"...)
at postgres.c:1169
#28 0x0000557e1680711f in PostgresMain (dbname=<optimized out>,
username=<optimized out>) at postgres.c:4544
#29 0x0000557e1675a808 in BackendRun (port=port(at)entry=0x557e179f9f20) at
postmaster.c:4504
#30 0x0000557e1675d887 in BackendStartup (port=port(at)entry=0x557e179f9f20) at
postmaster.c:4232
#31 0x0000557e1675dac0 in ServerLoop () at postmaster.c:1806
#32 0x0000557e1675f08f in PostmasterMain (argc=argc(at)entry=3,
argv=argv(at)entry=0x557e179c8370) at postmaster.c:1478
#33 0x0000557e1669e9b5 in main (argc=3, argv=0x557e179c8370) at main.c:202

Responses

Re: BUG #17561: Server crashes on executing row() with very long argument list at 2022-07-29 09:56:13 from Francisco Olarte
Re: BUG #17561: Server crashes on executing row() with very long argument list at 2022-07-29 10:14:11 from Alvaro Herrera

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Peter Smith	2022-07-29 09:36:54	Re: Excessive number of replication slots for 12->14 logical replication
Previous Message	Francisco Olarte	2022-07-29 07:30:59	Re: BUG #17560: Planner can not find plan with lowest cost