From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
---|---|
To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Cc: | exclusion(at)gmail(dot)com |
Subject: | BUG #18598: AddressSanitizer detects use after free inside json_unique_hash_match() |
Date: | 2024-09-01 19:00:01 |
Message-ID: | 18598-3279ed972a2347c7@postgresql.org |
Lists: | pgsql-bugs pgsql-hackers |
The following bug has been logged on the website:
Bug reference: 18598
Logged by: Alexander Lakhin
Email address: exclusion(at)gmail(dot)com
PostgreSQL version: 17beta3
Operating system: Ubuntu 22.04
Description:
The following query:
SELECT JSON_OBJECTAGG(i: (i)::text FORMAT JSON WITH UNIQUE)
FROM generate_series(1, 100000) i;
triggers an asan-detected error:
==973230==ERROR: AddressSanitizer: heap-use-after-free on address
0x7fde473f4428 at pc 0x558af80f20a6 bp 0x7ffe6b8e2df0 sp 0x7ffe6b8e2598
READ of size 7 at 0x7fde473f4428 thread T0
#0 0x558af80f20a5 in __interceptor_strncmp.part.0
(.../usr/local/pgsql/bin/postgres+0x32d40a5)
#1 0x558af9ed5276 in json_unique_hash_match
.../src/backend/utils/adt/json.c:922
#2 0x558afa49c6ce in hash_search_with_hash_value
.../src/backend/utils/hash/dynahash.c:1021
#3 0x558afa49bfbc in hash_search
.../src/backend/utils/hash/dynahash.c:960
#4 0x558af9ed58b4 in json_unique_check_key
.../src/backend/utils/adt/json.c:967
#5 0x558af9ed6a71 in json_object_agg_transfn_worker
.../src/backend/utils/adt/json.c:1116
#6 0x558af9ed6fc5 in json_object_agg_unique_transfn
.../src/backend/utils/adt/json.c:1163
#7 0x558af8e3dcbe in ExecAggPlainTransByVal
.../src/backend/executor/execExprInterp.c:5382
...
0x7fde473f4428 is located 506920 bytes inside of 524352-byte region
[0x7fde47378800,0x7fde473f8840)
freed by thread T0 here:
#0 0x558af8114038 in realloc
(.../usr/local/pgsql/bin/postgres+0x32f6038)
#1 0x558afa52c970 in AllocSetRealloc
.../src/backend/utils/mmgr/aset.c:1226
#2 0x558afa56c0e9 in repalloc .../src/backend/utils/mmgr/mcxt.c:1566
#3 0x558afa66c94a in enlargeStringInfo .../src/common/stringinfo.c:349
#4 0x558afa66be4a in appendBinaryStringInfo
.../src/common/stringinfo.c:238
#5 0x558afa66b612 in appendStringInfoString
.../src/common/stringinfo.c:184
#6 0x558af9ed66b9 in json_object_agg_transfn_worker
.../src/backend/utils/adt/json.c:1102
#7 0x558af9ed6fc5 in json_object_agg_unique_transfn
.../src/backend/utils/adt/json.c:1163
#8 0x558af8e3dcbe in ExecAggPlainTransByVal
.../src/backend/executor/execExprInterp.c:5382
...
previously allocated by thread T0 here:
#0 0x558af8114038 in realloc
(.../usr/local/pgsql/bin/postgres+0x32f6038)
#1 0x558afa52c970 in AllocSetRealloc
.../src/backend/utils/mmgr/aset.c:1226
#2 0x558afa56c0e9 in repalloc .../src/backend/utils/mmgr/mcxt.c:1566
#3 0x558afa66c94a in enlargeStringInfo .../src/common/stringinfo.c:349
#4 0x558afa66be4a in appendBinaryStringInfo
.../src/common/stringinfo.c:238
#5 0x558afa66b612 in appendStringInfoString
.../src/common/stringinfo.c:184
#6 0x558af9ed0559 in datum_to_json_internal
.../src/backend/utils/adt/json.c:279
#7 0x558af9ed6ee3 in json_object_agg_transfn_worker
.../src/backend/utils/adt/json.c:1132
#8 0x558af9ed6fc5 in json_object_agg_unique_transfn
.../src/backend/utils/adt/json.c:1163
#9 0x558af8e3dcbe in ExecAggPlainTransByVal
.../src/backend/executor/execExprInterp.c:5382
...
Reproduced starting from 7081ac46a.
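
The traces above show strncmp in json_unique_hash_match reading a block that repalloc, called from enlargeStringInfo, had already released. The C model below is an added illustration, not PostgreSQL code and not part of the report: it assumes a uniqueness tracker whose keys live inside a growable output buffer, and every name in it (Buf, KeyRef, buf_append, key_seen, add_pair, stale_addresses) is hypothetical. It records each key both as the address it had when it was stored and as an offset, then shows that only the offset survives buffer growth.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Growable text buffer standing in for a StringInfo-style accumulator. */
typedef struct { char *data; size_t len, cap; } Buf;
/* A remembered key: the address it had when recorded (what a pointer-keyed
 * table would hold) and its offset into the buffer (the stable form). */
typedef struct { uintptr_t addr_then; size_t off, len; } KeyRef;
/* Append n bytes; growth always moves the block, as realloc is free to do. */
static void buf_append(Buf *b, const char *s, size_t n) {
    if (b->len + n > b->cap) {
        size_t cap = b->cap ? b->cap : 16;
        while (cap < b->len + n) cap *= 2;
        char *fresh = malloc(cap);
        if (!fresh) abort();
        if (b->len) memcpy(fresh, b->data, b->len);
        free(b->data);          /* saved pointers into the old block dangle */
        b->data = fresh; b->cap = cap;
    }
    memcpy(b->data + b->len, s, n);
    b->len += n;
}

/* Safe lookup: resolve each offset against the buffer's current base. */
static int key_seen(const Buf *b, const KeyRef *k, size_t nk, const char *key) {
    size_t n = strlen(key);
    for (size_t i = 0; i < nk; i++)
        if (k[i].len == n && memcmp(b->data + k[i].off, key, n) == 0)
            return 1;
    return 0;
}

/* Append key then value; returns -1 and appends nothing on a duplicate key. */
static int add_pair(Buf *b, KeyRef *k, size_t *nk, const char *key, const char *val) {
    if (key_seen(b, k, *nk, key)) return -1;
    size_t off = b->len, n = strlen(key);
    buf_append(b, key, n);
    k[(*nk)++] = (KeyRef){ (uintptr_t)(b->data + off), off, n };
    buf_append(b, val, strlen(val));
    return 0;
}

/* Count keys whose recorded address is no longer where the key lives. */
static size_t stale_addresses(const Buf *b, const KeyRef *k, size_t nk) {
    size_t stale = 0;
    for (size_t i = 0; i < nk; i++)
        stale += k[i].addr_then != (uintptr_t)(b->data + k[i].off);
    return stale;
}
```

The recorded addresses are only compared as integers, never dereferenced, so the model runs cleanly under AddressSanitizer while still showing how many saved pointers a single growth step invalidates.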