BUG #15514: process fails on jsonb_populate_recordset query. see simple example below

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

BUG #15514: process fails on jsonb_populate_recordset query. see simple example below

PG Doc comments form
The following bug has been logged on the website:

Bug reference:      15514
Logged by:          4321ip
Email address:      [hidden email]
PostgreSQL version: 11.1
Operating system:   WindiwsServer 2012 64bit
Description:        

CREATE TYPE myrowtype AS
(
        field jsonb,
        rank double precision
);
SELECT * FROM jsonb_populate_recordset(NULL :: myrowtype, '[]');

.....
Connection to the server has been lost.

Reply | Threaded
Open this post in threaded view
|

Re: BUG #15514: process fails on jsonb_populate_recordset query. see simple example below

Haribabu Kommi-2

On Wed, Nov 21, 2018 at 7:50 AM PG Bug reporting form <[hidden email]> wrote:
The following bug has been logged on the website:

Bug reference:      15514
Logged by:          4321ip
Email address:      [hidden email]
PostgreSQL version: 11.1
Operating system:   WindiwsServer 2012 64bit
Description:       

CREATE TYPE myrowtype AS
(
        field jsonb,
        rank double precision
);
SELECT * FROM jsonb_populate_recordset(NULL :: myrowtype, '[]');

.....
Connection to the server has been lost.

Thanks for the report. I am able to reproduce the crash in HEAD.
Following is the back trace of the crash.

Program received signal SIGSEGV, Segmentation fault.
0x000000000048cc63 in CreateTupleDescCopy (tupdesc=0x0) at tupdesc.c:117
117 desc = CreateTemplateTupleDesc(tupdesc->natts, tupdesc->tdhasoid);
(gdb) bt
#0  0x000000000048cc63 in CreateTupleDescCopy (tupdesc=0x0) at tupdesc.c:117
#1  0x000000000094fd4c in populate_recordset_worker (fcinfo=0x7ffc5fba0ee0, funcname=0xc5afe1 "jsonb_populate_recordset", is_json=false, have_record_arg=true) at jsonfuncs.c:3742
#2  0x000000000094f534 in jsonb_populate_recordset (fcinfo=0x7ffc5fba0ee0) at jsonfuncs.c:3497
#3  0x00000000006e01c3 in ExecMakeTableFunctionResult (setexpr=0x10d2828, econtext=0x10d26d8, argContext=0x10d6270, expectedDesc=0x10d3b40, randomAccess=false) at execSRF.c:231
#4  0x00000000006f36b4 in FunctionNext (node=0x10d25c0) at nodeFunctionscan.c:94
#5  0x00000000006df9f4 in ExecScanFetch (node=0x10d25c0, accessMtd=0x6f35f7 <FunctionNext>, recheckMtd=0x6f39f3 <FunctionRecheck>) at execScan.c:95
#6  0x00000000006dfa69 in ExecScan (node=0x10d25c0, accessMtd=0x6f35f7 <FunctionNext>, recheckMtd=0x6f39f3 <FunctionRecheck>) at execScan.c:145
#7  0x00000000006f3a3d in ExecFunctionScan (pstate=0x10d25c0) at nodeFunctionscan.c:270
#8  0x00000000006ddd60 in ExecProcNodeFirst (node=0x10d25c0) at execProcnode.c:445
#9  0x00000000006d2ef6 in ExecProcNode (node=0x10d25c0) at ../../../src/include/executor/executor.h:237
#10 0x00000000006d5743 in ExecutePlan (estate=0x10d2368, planstate=0x10d25c0, use_parallel_mode=false, operation=CMD_SELECT, sendTuples=true, numberTuples=0, direction=ForwardScanDirection, dest=0x10cf788, 
    execute_once=true) at execMain.c:1707
#11 0x00000000006d3516 in standard_ExecutorRun (queryDesc=0x1031ff8, direction=ForwardScanDirection, count=0, execute_once=true) at execMain.c:364
#12 0x00007f4b2739f7bd in pgss_ExecutorRun (queryDesc=0x1031ff8, direction=ForwardScanDirection, count=0, execute_once=true) at pg_stat_statements.c:893
#13 0x00000000006d3325 in ExecutorRun (queryDesc=0x1031ff8, direction=ForwardScanDirection, count=0, execute_once=true) at execMain.c:305
#14 0x00000000008bca5c in PortalRunSelect (portal=0x1073fc8, forward=true, count=0, dest=0x10cf788) at pquery.c:932
#15 0x00000000008bc6fb in PortalRun (portal=0x1073fc8, count=9223372036854775807, isTopLevel=true, run_once=true, dest=0x10cf788, altdest=0x10cf788, completionTag=0x7ffc5fba1860 "") at pquery.c:773
#16 0x00000000008b6740 in exec_simple_query (query_string=0x100ddd8 "SELECT * FROM jsonb_populate_recordset(NULL :: myrowtype, '[]');") at postgres.c:1215
#17 0x00000000008ba9ed in PostgresMain (argc=1, argv=0x1038660, dbname=0x10384a0 "postgres", username=0x100a7f8 "Kommih") at postgres.c:4243
#18 0x0000000000818d32 in BackendRun (port=0x1030480) at postmaster.c:4377
#19 0x0000000000818510 in BackendStartup (port=0x1030480) at postmaster.c:4068
#20 0x00000000008149fa in ServerLoop () at postmaster.c:1700
#21 0x00000000008142b0 in PostmasterMain (argc=3, argv=0x1008760) at postmaster.c:1373
#22 0x000000000073d2b5 in main (argc=3, argv=0x1008760) at main.c:228
(gdb) q

when the data is NULL, there is no data to populate and the tupleDesc is not updated.
Accessing of NULL pointer leads to crash. Attached quick simple patch fixes the problem.

Regards,
Haribabu Kommi
Fujitsu Australia

0001-jsonb_populate_recordset-crash-fix.patch (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: BUG #15514: process fails on jsonb_populate_recordset query. see simple example below

Andrew Gierth
>>>>> "Haribabu" == Haribabu Kommi <[hidden email]> writes:

 Haribabu> when the data is NULL, there is no data to populate and the
 Haribabu> tupleDesc is not updated. Accessing of NULL pointer leads to
 Haribabu> crash. Attached quick simple patch fixes the problem.

Yes, that's an oversight in 4984784f836 (from Tom) which fixed a
_different_ crash here.

Tom: I can take this one if you want?

--
Andrew (irc:RhodiumToad)

Reply | Threaded
Open this post in threaded view
|

Re: BUG #15514: process fails on jsonb_populate_recordset query. see simple example below

Tom Lane-2
Andrew Gierth <[hidden email]> writes:
> Yes, that's an oversight in 4984784f836 (from Tom) which fixed a
> _different_ crash here.

Bleah.

> Tom: I can take this one if you want?

It's my bug, I'll take care of it (but not before tomorrow).

                        regards, tom lane

Reply | Threaded
Open this post in threaded view
|

Re: BUG #15514: process fails on jsonb_populate_recordset query. see simple example below

Michael Paquier-2
On Wed, Nov 21, 2018 at 12:03:48AM -0500, Tom Lane wrote:
> Andrew Gierth <[hidden email]> writes:
>> Tom: I can take this one if you want?
>
> It's my bug, I'll take care of it (but not before tomorrow).

Thanks Tom.  I was looking at that a bit today as I am also involved in
this story.  But as you plan to finish wrapping it, I'll just withdraw.
--
Michael

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: BUG #15514: process fails on jsonb_populate_recordset query. see simple example below

Tom Lane-2
In reply to this post by Haribabu Kommi-2
Haribabu Kommi <[hidden email]> writes:
> Accessing of NULL pointer leads to crash. Attached quick simple patch fixes
> the problem.

While that stops the crash, it doesn't do what we want, which is to
return a valid tupdesc.  Without that you get "set-valued function called
in context that cannot accept a set" errors.  I think the right fix is
to force a call of update_cached_tupdesc so that there always is a
tupdesc to copy.

                        regards, tom lane

Reply | Threaded
Open this post in threaded view
|

Re: BUG #15514: process fails on jsonb_populate_recordset query. see simple example below

Haribabu Kommi-2

On Fri, Nov 23, 2018 at 7:21 AM Tom Lane <[hidden email]> wrote:
Haribabu Kommi <[hidden email]> writes:
> Accessing of NULL pointer leads to crash. Attached quick simple patch fixes
> the problem.

While that stops the crash, it doesn't do what we want, which is to
return a valid tupdesc.  Without that you get "set-valued function called
in context that cannot accept a set" errors.  I think the right fix is
to force a call of update_cached_tupdesc so that there always is a
tupdesc to copy.

Thanks for checking, I thought of the same thing, but I wasn't sure.

Regards,
Haribabu Kommi
Fujitsu Australia