| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Paul Ramsey <pramsey(at)cleverelephant(dot)ca> |
| Cc: | Pgsql Hackers <pgsql-hackers(at)postgresql(dot)org>, Regina Obe <lr(at)pcorp(dot)us>, Fredrik Widlert <fredrik(dot)widlert(at)digpro(dot)se> |
| Subject: | Re: Pg17 Crash in Planning (Arrays + Casting + UDF) |
| Date: | 2024-10-09 20:21:53 |
| Message-ID: | 2460140.1728505313@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Paul Ramsey <pramsey(at)cleverelephant(dot)ca> writes:
> This extremely odd case [2] came in via a report using a lot of PostGIS functions, but it can be reconfigured into a pure-PostgreSQL crasher [1].
Thanks for the report! Looks like estimate_array_length() is
incautiously assuming that the "root" pointer it receives will
never be NULL.
The overall code path here is eval_const_expressions ->
simplify_function -> cost_qual_eval -> estimate_array_length,
and the proximate cause of root being NULL is that
simplify_function/inline_function don't take a root pointer,
so they pass NULL root to cost_qual_eval.
We could change their signatures ... but it's explicitly documented
that eval_const_expressions allows NULL for root, so there would
presumably still be code paths that'd fail. It looks like the only
safe fix is to ensure that estimate_array_length will cope with NULL
for root.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jelte Fennema-Nio | 2024-10-09 20:30:15 | Re: sunsetting md5 password support |
| Previous Message | Joe Conway | 2024-10-09 20:15:03 | Re: Pg17 Crash in Planning (Arrays + Casting + UDF) |