Re: BUG #18657: Using JSON_OBJECTAGG with volatile function leads to segfault

It seems that reverting the code at src/backend/executor/execExpr.c case
T_JsonValueExpr: fix the problem

Revert patch:
diff --git a/src/backend/executor/execExpr.c
b/src/backend/executor/execExpr.c
index a5395536a1..4143ff1730 100644
--- a/src/backend/executor/execExpr.c
+++ b/src/backend/executor/execExpr.c
@@ -2317,8 +2317,21 @@ ExecInitExprRec(Expr *node, ExprState *state,
{
JsonValueExpr *jve = (JsonValueExpr *) node;

- Assert(jve->formatted_expr != NULL);
- ExecInitExprRec(jve->formatted_expr, state, resv, resnull);
+ ExecInitExprRec(jve->raw_expr, state, resv, resnull);
+
+ if (jve->formatted_expr)
+ {
+ Datum *innermost_caseval = state->innermost_caseval;
+ bool *innermost_isnull = state->innermost_casenull;
+
+ state->innermost_caseval = resv;
+ state->innermost_casenull = resnull;
+
+ ExecInitExprRec(jve->formatted_expr, state, resv, resnull);
+
+ state->innermost_caseval = innermost_caseval;
+ state->innermost_casenull = innermost_isnull;
+ }
break;
}

psql -U postgres -h /tmp
psql (16.4 (Ubuntu 16.4-0ubuntu0.24.04.2), server 17.0)
WARNING: psql major version 16, server major version 17.
Some psql features might not work.
Type "help" for help.

postgres=> SELECT JSON_OBJECT('a': JSON_OBJECTAGG('b': random() RETURNING
text) FORMAT JSON);
json_object
--------------------------------------
{"a" : { "b" : 0.9135423351926648 }}
(1 row)

postgres=>

Em ter., 15 de out. de 2024 às 09:16, PG Bug reporting form <
noreply(at)postgresql(dot)org> escreveu:

> The following bug has been logged on the website:
>
> Bug reference: 18657
> Logged by: Alexander Lakhin
> Email address: exclusion(at)gmail(dot)com
> PostgreSQL version: 17.0
> Operating system: Ubuntu 22.04
> Description:
>
> The following query:
> SELECT JSON_OBJECT('a': JSON_OBJECTAGG('b': random() RETURNING text) FORMAT
> JSON);
>
> triggers a server crash with the following stack trace:
> Core was generated by `postgres: law regression [local] SELECT
>
> '.
> Program terminated with signal SIGSEGV, Segmentation fault.
>
> #0 0x000055b54914ee1b in ExecBuildAggTrans (...) at execExpr.c:3514
> 3514 expr_setup_walker((Node *)
> pertrans->aggref->aggdirectargs,
> (gdb) bt
> #0 0x000055b54914ee1b in ExecBuildAggTrans (...) at execExpr.c:3514
> #1 0x000055b549180ee9 in ExecInitAgg (...) at nodeAgg.c:4017
> #2 0x000055b54916eb13 in ExecInitNode (...) at execProcnode.c:341
> #3 0x000055b549162d3f in InitPlan (...) at execMain.c:968
> #4 0x000055b549162732 in standard_ExecutorStart (...) at execMain.c:263
> #5 0x000055b54916245a in ExecutorStart (...) at execMain.c:139
> #6 0x000055b549411063 in PortalStart (...) at pquery.c:517
> #7 0x000055b54940d172 in exec_simple_query (
> query_string=0x55b54b3f4430 "SELECT JSON_OBJECT('a':
> JSON_OBJECTAGG('b':
> random() RETURNING text) FORMAT JSON);") at postgres.c:1239
>
> (gdb) p pertrans->aggref
> $1 = (Aggref *) 0x0
>
> First bad commit for this anomaly is b6e1157e7.
>
>