BUG #17912: Invalid memory access when converting plpython' array containing empty array
From | PG Bug reporting form |
---|---|
Subject | BUG #17912: Invalid memory access when converting plpython' array containing empty array |
Date | |
Msg-id | 17912-82ceed78731d9cdc@postgresql.org |
Responses | Re: BUG #17912: Invalid memory access when converting plpython' array containing empty array |
List | pgsql-bugs |
The following bug has been logged on the website:

Bug reference: 17912
Logged by: Alexander Lakhin
Email address: exclusion@gmail.com
PostgreSQL version: 15.2
Operating system: Ubuntu 22.04
Description:

When the following query is executed:

```sql
CREATE EXTENSION plpython3u;
CREATE OR REPLACE FUNCTION test() RETURNS text[] AS $$
return [[], "a"]
$$ LANGUAGE plpython3u;
SELECT test();
```

valgrind detects an incorrect memory access:

```
==00:00:00:05.073 1489859== Invalid write of size 1
==00:00:00:05.073 1489859==    at 0x4878C38: PLyObject_ToScalar (plpy_typeio.c:1083)
==00:00:00:05.073 1489859==    by 0x4877267: PLySequence_ToArray_recurse (plpy_typeio.c:1282)
==00:00:00:05.073 1489859==    by 0x48776AF: PLySequence_ToArray (plpy_typeio.c:1227)
==00:00:00:05.073 1489859==    by 0x4877E9C: PLy_output_convert (plpy_typeio.c:122)
==00:00:00:05.073 1489859==    by 0x487101E: PLy_exec_function (plpy_exec.c:235)
==00:00:00:05.073 1489859==    by 0x487201B: plpython3_call_handler (plpy_main.c:247)
==00:00:00:05.073 1489859==    by 0x401A95: ExecInterpExpr (execExprInterp.c:727)
==00:00:00:05.073 1489859==    by 0x3FE2A6: ExecInterpExprStillValid (execExprInterp.c:1826)
==00:00:00:05.073 1489859==    by 0x440563: ExecEvalExprSwitchContext (executor.h:341)
==00:00:00:05.073 1489859==    by 0x440563: ExecProject (executor.h:375)
==00:00:00:05.073 1489859==    by 0x440563: ExecResult (nodeResult.c:136)
==00:00:00:05.073 1489859==    by 0x40EBA2: ExecProcNodeFirst (execProcnode.c:464)
==00:00:00:05.073 1489859==    by 0x407196: ExecProcNode (executor.h:259)
==00:00:00:05.073 1489859==    by 0x407196: ExecutePlan (execMain.c:1636)
==00:00:00:05.073 1489859==    by 0x407376: standard_ExecutorRun (execMain.c:363)
==00:00:00:05.073 1489859==  Address 0x112e9340 is 320 bytes inside a block of size 8,192 alloc'd
==00:00:00:05.073 1489859==    at 0x4848899: malloc (vg_replace_malloc.c:381)
==00:00:00:05.073 1489859==    by 0x73ACFA: AllocSetContextCreateInternal (aset.c:469)
==00:00:00:05.073 1489859==    by 0x415DFF: CreateExprContextInternal (execUtils.c:259)
==00:00:00:05.073 1489859==    by 0x41623E: CreateExprContext (execUtils.c:309)
==00:00:00:05.073 1489859==    by 0x41648A: ExecAssignExprContext (execUtils.c:488)
==00:00:00:05.073 1489859==    by 0x44075F: ExecInitResult (nodeResult.c:205)
==00:00:00:05.073 1489859==    by 0x40ED32: ExecInitNode (execProcnode.c:167)
==00:00:00:05.073 1489859==    by 0x407AA9: InitPlan (execMain.c:938)
==00:00:00:05.073 1489859==    by 0x407C85: standard_ExecutorStart (execMain.c:265)
==00:00:00:05.073 1489859==    by 0x407DDD: ExecutorStart (execMain.c:144)
==00:00:00:05.073 1489859==    by 0x5C6723: PortalStart (pquery.c:517)
==00:00:00:05.073 1489859==    by 0x5C32DF: exec_simple_query (postgres.c:1211)
```

Without valgrind, but with asserts enabled, I get:

```
WARNING: problem in alloc set ExprContext: detected write past chunk end in block 0x562777dfbeb0, chunk 0x562777dfbed8
WARNING: problem in alloc set ExprContext: req size > alloc size for chunk 0x562777dfbef0 in block 0x562777dfbeb0
  test
--------
 {[],a}
(1 row)
```

When the function returns '["a", []]', I see no anomalies.

As I can see, for the first case we get len = 0 in PLySequence_ToArray(); elems, nulls palloc'ed with zero elements, but PLyObject_ToScalar() tries to write a value into nulls[0]...

Reproduced on REL_11_STABLE..master.
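A minimal C model of the mismatch the report describes (buffers sized from len = 0, then a per-item write into nulls[0]), added here as an illustration; it is not part of the original report and is not PostgreSQL source. `Node`, `Shape`, `infer_shape`, `fill`, `convert` and the `safe` guard are hypothetical names, the shape-inference rule is an assumption chosen to reproduce the reported len = 0, and the guard is one possible check rather than the fix PostgreSQL adopted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
/* Constructed stand-in for a Python value: a scalar or a list of values. */
typedef struct Node { bool is_list; size_t n; const struct Node *items; } Node;
typedef struct { size_t dims[6]; int ndim; size_t len; } Shape;
/* Constructed inputs from the report: [[], "a"] and ["a", []]. */
static const Node ITEMS[] = { {true, 0, NULL}, {false, 0, NULL}, {true, 0, NULL} };
const Node BAD_INPUT = { true, 2, &ITEMS[0] };
const Node OK_INPUT  = { true, 2, &ITEMS[1] };

/* Assumed model: the shape follows the first element of each level. With
 * safe=false an empty list zeroes len without becoming a dimension. */
Shape infer_shape(const Node *v, bool safe)
{
    Shape s = { {0}, 0, 1 };
    while (v->is_list && s.ndim < 6) {
        if (safe && v->n == 0 && s.ndim > 0) break; /* inner [] is a leaf */
        if ((s.len *= v->n) == 0) break;            /* empty list: len = 0 */
        s.dims[s.ndim++] = v->n;
        v = &v->items[0];
    }
    return s;
}

/* Returns 0, -1 (ragged level) or -2 (write past nulls[cap], refused). */
static int fill(const Node *v, const Shape *s, int dim, bool *nulls, size_t cap, size_t *cur)
{
    if (!v->is_list || v->n != s->dims[dim]) return -1;
    for (size_t i = 0; i < v->n; i++) {
        if (dim < s->ndim - 1) {
            int rc = fill(&v->items[i], s, dim + 1, nulls, cap, cur);
            if (rc) return rc;
        } else {
            if (*cur >= cap) return -2;   /* the report's nulls[0] write */
            nulls[(*cur)++] = false;      /* one null flag per leaf slot */
        }
    }
    return 0;
}
int convert(const Node *root, bool safe, size_t *written)
{
    Shape s = infer_shape(root, safe);
    bool *nulls = calloc(s.len + 1, sizeof *nulls); /* +1 avoids calloc(0) */
    *written = 0;
    int rc = nulls ? fill(root, &s, 0, nulls, s.len, written) : -1;
    free(nulls);
    return rc;
}
```

With `safe` false, `convert(&BAD_INPUT, ...)` returns -2 at the first leaf because the buffer was sized for zero elements while the fill loop still visits two items; `OK_INPUT` converts cleanly either way, matching the report's observation for '["a", []]'.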