Segfault when using function and custom-type

From: Robins Tharakan <tharakan(at)gmail(dot)com>
To: pgsql-bugs(at)postgresql(dot)org
Subject: Segfault when using function and custom-type
Date: 2022-08-30 13:51:47
Message-ID: CAEP4nAwKtUUYNXB=UJEVN02trNYaLUBvo7w4E97pSLQRynRNsg@mail.gmail.com
Lists: pgsql-bugs

Hi,

The following SQL causes a Segfault on multiple branches.

It uses custom-type / function definitions from the script
/src/test/regress/sql/create_type.sql and although I see that the
documentation mentions that custom types have a sharp-edge, reporting
it nonetheless to see if we could avoid a crash.

Sample SQL - Tested on 7fed801135
==========
$ psql postgres
psql (15beta1, server 16devel)
postgres=# BEGIN;
BEGIN
postgres=*# CREATE TYPE base_type;
CREATE TYPE
postgres=*# CREATE FUNCTION base_fn_in(cstring) RETURNS base_type AS 'boolin'
postgres-*# LANGUAGE internal IMMUTABLE STRICT;
NOTICE: return type base_type is only a shell
CREATE FUNCTION
postgres=*# CREATE FUNCTION base_fn_out(base_type) RETURNS cstring AS 'boolout'
postgres-*# LANGUAGE internal IMMUTABLE STRICT;
NOTICE: argument type base_type is only a shell
CREATE FUNCTION
postgres=*# CREATE TYPE base_type(INPUT = base_fn_in, OUTPUT = base_fn_out);
CREATE TYPE
postgres=*# select base_fn_out('t');
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Succeeded.

Backtrace
=========
Program received signal SIGSEGV, Segmentation fault.
0x00005605e21a9b75 in pg_detoast_datum (datum=0x1) at fmgr.c:1710
1710 if (VARATT_IS_EXTENDED(datum))
(gdb) bt full
#0 0x00005605e21a9b75 in pg_detoast_datum (datum=0x1) at fmgr.c:1710
No locals.
#1 0x00005605e1c1cebc in coerce_type (pstate=0x5605e39cecb8,
node=0x5605e39ceed8, inputTypeId=705, targetTypeId=81920,
targetTypeMod=-1, ccontext=COERCION_IMPLICIT,
cformat=COERCE_IMPLICIT_CAST, location=-1) at parse_coerce.c:326
newcon = 0x5605e39cf4a8
baseTypeId = 81920
baseTypeMod = -1
inputTypeMod = -1
pcbstate = {pstate = 0x5605e39cecb8, location = 19,
errcallback = {previous = 0x0, callback = 0x5605e1c39fed
<pcb_error_callback>, arg = 0x7ffe72774730}}
con = 0x5605e39ceed8
baseType = 0x7f556368c110
result = 0x5605e39ce9b0
pathtype = COERCION_PATH_NONE
funcId = 4294967295
__func__ = "coerce_type"
#2 0x00005605e1c357e9 in make_fn_arguments (pstate=0x5605e39cecb8,
fargs=0x5605e39cef28, actual_arg_types=0x7ffe72774970,
declared_arg_types=0x5605e39cef80) at parse_func.c:1861
node = 0x5605e39ceed8
current_fargs__state = {l = 0x5605e39cef28, i = 0}
current_fargs = 0x5605e39cef40
i = 0
#3 0x00005605e1c3341d in ParseFuncOrColumn (pstate=0x5605e39cecb8,
funcname=0x5605e39ce9b0, fargs=0x5605e39cef28, last_srf=0x0,
fn=0x5605e39cea58, proc_call=false, location=7)
at parse_func.c:676
is_column = false
agg_order = 0x0
agg_filter = 0x0
over = 0x0
agg_within_group = false
agg_star = false
agg_distinct = false
func_variadic = false
funcformat = COERCE_EXPLICIT_CALL
could_be_projection = false
rettype = 2275
funcid = 81922
l = 0x0
first_arg = 0x5605e39ceed8
nargs = 1
nargsplusdefs = 1
actual_arg_types = {705, 0, 0, 0, 256, 0, 629600000,
1008947352, 1, 5, 3793899680, 22021, 1920420384, 32766, 3793629783,
22021, 1296236545, 0, 3818712856, 22021, 16, 0, 0, 0, 0, 0,
0, 0, 1296236544, 0, 3818712904, 22021, 0, 0, 0, 0, 0, 0, 0,
0, 1296236544, 0, 3818712856, 22021, 8, 0, 0, 0, 0, 0, 0, 0,
4294967294, 0, 629600000, 1008947352, 3818712792, 22021,
3793899680, 22021, 1920420576, 32766, 3793631297, 22021, 0,
0, 32, 0, 3818711544, 22021, 0, 0, 3818708624, 22021, 3818712872,
22021, 4869, 0, 3818708624, 22021, 3818712872,
22021, 32, 0, 0, 0, 0, 0, 1585, 0, 629600000, 1008947352,
1920420624, 32766, 3789484038, 22021, 1920420656, 32766, 1, 1}
declared_arg_types = 0x5605e39cef80
argnames = 0x0
argdefaults = 0x0
retval = 0x0
retset = false
nvargs = 0
vatype = 0
fdresult = FUNCDETAIL_NORMAL
aggkind = 0 '\000'
pcbstate = {pstate = 0x5605e39cecb8, location = 7, errcallback
= {previous = 0x0, callback = 0x5605e1c39fed <pcb_error_callback>, arg
= 0x7ffe72774940}}
__func__ = "ParseFuncOrColumn"

To add, base_fn_in() also exhibits similar behaviour for both 't' and 'f'
as arguments. This was tested on REL_12_STABLE / REL_15_STABLE and master.
Thanks to SQLSmith / SQLReduce for the find.

-
Robins Tharakan
Amazon Web Services
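
Added example, not part of the original message and not PostgreSQL project code: CREATE TYPE defaults to variable-length, pass-by-reference storage when INTERNALLENGTH and PASSEDBYVALUE are omitted, while boolin returns a 1-byte pass-by-value Datum, which matches the datum=0x1 handed to pg_detoast_datum in the backtrace. The first part declares storage that matches the borrowed functions; the second is a heuristic catalog audit for user-defined types whose declared storage disagrees with the built-in type they borrow an internal input function from. The names fixed_type, fixed_fn_in and fixed_fn_out are hypothetical.

```sql
-- Added example; fixed_type, fixed_fn_in and fixed_fn_out are hypothetical names.
-- Part 1: same borrowed I/O functions as in the report, but with storage
-- declared to match what boolin/boolout actually produce and consume.
BEGIN;
CREATE TYPE fixed_type;
CREATE FUNCTION fixed_fn_in(cstring) RETURNS fixed_type AS 'boolin'
    LANGUAGE internal IMMUTABLE STRICT;
CREATE FUNCTION fixed_fn_out(fixed_type) RETURNS cstring AS 'boolout'
    LANGUAGE internal IMMUTABLE STRICT;
CREATE TYPE fixed_type (
    INPUT          = fixed_fn_in,
    OUTPUT         = fixed_fn_out,
    INTERNALLENGTH = 1,        -- bool is one byte, not a varlena
    PASSEDBYVALUE,             -- the Datum holds the value, not a pointer
    ALIGNMENT      = char      -- required for a 1-byte pass-by-value type
);
SELECT fixed_fn_out('t');      -- literal is coerced without a detoast call
ROLLBACK;

-- Part 2: heuristic audit. List user-defined base types whose input function
-- is a LANGUAGE internal wrapper around a built-in type's input function while
-- the declared typlen/typbyval differ from that built-in type.
-- 16384 is FirstNormalObjectId: OIDs below it belong to built-in objects.
SELECT t.typname   AS custom_type,
       p.proname   AS input_fn,
       p.prosrc    AS borrowed_internal_fn,
       bt.typname  AS builtin_type,
       t.typlen    AS custom_typlen,
       t.typbyval  AS custom_typbyval,
       bt.typlen   AS builtin_typlen,
       bt.typbyval AS builtin_typbyval
FROM pg_type t
JOIN pg_proc     p  ON p.oid = t.typinput
JOIN pg_language l  ON l.oid = p.prolang AND l.lanname = 'internal'
JOIN pg_proc     bp ON bp.proname = p.prosrc AND bp.oid < 16384
JOIN pg_type     bt ON bt.typinput = bp.oid
WHERE t.typtype = 'b'
  AND t.typisdefined
  AND t.oid >= 16384
  AND bt.typtype = 'b'
  AND bt.typcategory <> 'A'    -- skip the many array types sharing array_in
  AND (t.typlen <> bt.typlen OR t.typbyval <> bt.typbyval)
ORDER BY t.typname;
```

Creating LANGUAGE internal functions requires superuser, so any row returned by the audit query points at a definition made by a privileged role that should be reviewed.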
