Re: BUG #18276: Heap-buffer-overflow triggered in src/backend/utils/adt/datum.c:163

From Tom Lane
Subject Re: BUG #18276: Heap-buffer-overflow triggered in src/backend/utils/adt/datum.c:163
Date
Msg-id 1633850.1704655019@sss.pgh.pa.us
In reply to BUG #18276: Heap-buffer-overflow triggered in src/backend/utils/adt/datum.c:163  (PG Bug reporting form <noreply@postgresql.org>)
Responses Re: BUG #18276: Heap-buffer-overflow triggered in src/backend/utils/adt/datum.c:163  (Zu-Ming Jiang <zuming.jiang@inf.ethz.ch>)
List pgsql-bugs
PG Bug reporting form <noreply@postgresql.org> writes:
> My fuzzer finds a heap-buffer-overflow bug in PostgreSQL 17devel, which
> makes PostgreSQL crash.

All I see here is a datatype declaration that doesn't match what the
C functions expect.  You wrote:

> CREATE TYPE widget (
>    input = widget_in,
>    output = widget_out,
>    alignment = double
> );

but the declaration that the regress.so functions expect is what's in
src/test/regress/sql/create_type.sql:

CREATE TYPE widget (
   internallength = 24,
   input = widget_in,
   output = widget_out,
   typmod_in = numerictypmodin,
   typmod_out = numerictypmodout,
   alignment = double
);

That is, widget_in expects it should produce a fixed-length Datum
(24 bytes long, with no length word).  But you declared the type
as variable-length, meaning that datumCopy expects to find a length
word.  That discrepancy leads directly to the reported crash.

            regards, tom lane
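The mechanism Tom describes, as an added example that is not part of the original thread and not PostgreSQL's own code: a simplified re-implementation of the size computation datumCopy relies on (fixed length from the declared typlen versus a varlena length word read from the datum itself), applied to a constructed 24-byte widget laid out like the one in regress.c (a centre point of two doubles plus a radius). The varlena header decoding is a reduced form of the little-endian rules in postgres.h (only 1-byte and 4-byte headers, no TOAST pointers), and the widget values are constructed; both are assumptions of this example. A defender-side check, `copy_would_overflow`, compares the size the copy would read against the allocation that actually backs the datum, which is exactly the discrepancy a mismatched `CREATE TYPE` introduces.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed mirror of the fixed-length widget in src/test/regress/regress.c:
 * two doubles for the centre plus a radius, 24 bytes, no length word. */
typedef struct { double x, y; } Point;
typedef struct { Point center; double radius; } Widget;

/* Simplified varlena header decoding (assumes PostgreSQL's little-endian
 * layout; handles only 1-byte and 4-byte headers, not TOAST pointers). */
static size_t varlena_size(const unsigned char *p)
{
    if (p[0] & 0x01)                       /* 1-byte header: length in bits 1..7 */
        return (p[0] >> 1) & 0x7F;
    uint32_t hdr;
    memcpy(&hdr, p, sizeof hdr);           /* 4-byte header: length in upper 30 bits */
    return (hdr >> 2) & 0x3FFFFFFF;
}

/* Number of bytes a datumCopy-style routine would read for a pass-by-reference
 * datum, driven purely by the declared typlen: >0 fixed length, -1 varlena
 * (trust the length word inside the datum), -2 NUL-terminated cstring. */
size_t datum_copy_size(const void *datum, int typlen)
{
    if (typlen > 0)
        return (size_t) typlen;
    if (typlen == -1)
        return varlena_size((const unsigned char *) datum);
    if (typlen == -2)
        return strlen((const char *) datum) + 1;
    return 0;
}

/* Defensive check: would the copy read past the allocation backing the datum? */
bool copy_would_overflow(const void *datum, size_t alloc_size, int typlen)
{
    return datum_copy_size(datum, typlen) > alloc_size;
}

/* Constructed sample widget; non-integral values so the leading bytes are
 * not all zero and a misread "length word" is clearly out of range. */
static Widget sample_widget(void)
{
    Widget w = { { 0.1, 0.2 }, 0.3 };
    return w;
}

size_t widget_copy_size(int typlen)
{
    Widget w = sample_widget();
    return datum_copy_size(&w, typlen);
}

bool widget_copy_overflows(int typlen)
{
    Widget w = sample_widget();
    return copy_would_overflow(&w, sizeof w, typlen);
}

int main(void)
{
    /* internallength = 24, as in create_type.sql: the copy size matches the struct. */
    printf("typlen 24: copy %zu bytes, overflow=%d\n",
           widget_copy_size(24), widget_copy_overflows(24));
    /* internallength omitted (variable length): the first bytes of the centre
     * point are misread as a varlena header and the copy size is nonsense. */
    printf("typlen -1: copy %zu bytes, overflow=%d\n",
           widget_copy_size(-1), widget_copy_overflows(-1));
    return 0;
}
```

Running it shows the declaration, not the input function, deciding how many bytes get copied: with `internallength = 24` the copy is exactly the struct size, while with the variable-length declaration the double's bit pattern is interpreted as a length word far larger than the 24-byte allocation, which is the out-of-bounds read the fuzzer observed.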


