Re: BUG #17300: Server crashes on deserializing text multirange

On Mon, Dec 6, 2021 at 10:39 PM Alexander Korotkov <aekorotkov(at)gmail(dot)com> wrote:
> On Thu, Dec 2, 2021 at 1:39 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
> > > The following query:
> >
> > > select ('[\"\\\\\",\"\\\\' || repeat('a', 200) ||
> > > '\"]')::textrange::textmultirange
> >
> > > leads to the server crash with the following stacktrace:
> >
> > I think the problem here is that the range bound values inside the
> > multirange are supposed to be aligned (at least, write_multirange_data
> > thinks so) but multirange_get_range isn't accounting for the alignment
> > padding between the two values it extracts. In this example that
> > causes it to extract an insane length for the second value.
> >
> > If so, this would indicate extremely slipshod testing of the multirange
> > stuff, because the breakage is necessarily reached by multirange_out.
>
> Sorry for the delay. I'm going to fix this in the next couple of days.

The proposed patch fixes the patch (and adds some minimal testing for
it). I'm going to push it if no objections (backpatch to v14).

------
Regards,
Alexander Korotkov