BUG #15599: Segfault at MakeExpandedObjectReadOnlyInternal

The following bug has been logged on the website:

Bug reference: 15599
Logged by: Alexander Lakhin
Email address: exclusion(at)gmail(dot)com
PostgreSQL version: 11.1
Operating system: Ubuntu 18.04
Description:

The PostgreSQL server crashes with the following query (excerpt from
regression test, run it after `make check`):
--
CREATE TABLE hobbies_r (
name text,
person text
);

CREATE TABLE person (
name text,
age int4,
location point
);

CREATE TABLE emp (
salary int4,
manager name
) INHERITS (person);

CREATE FUNCTION overpaid(emp)
RETURNS hobbies_r
AS '/src/postgres/src/test/regress/regress.so'
LANGUAGE C STRICT;

LOAD '/src/postgres/src/test/regress/regress.so';

COPY emp FROM '/src/postgres/src/test/regress/data/emp.data';

SELECT name, overpaid(emp.*) FROM emp;
--
2019-01-19 11:42:37.654 MSK [3345] LOG: server process (PID 3360) was
terminated by signal 11: Ошибка сегментирования
2019-01-19 11:42:37.654 MSK [3345] DETAIL: Failed process was running:
SELECT name, overpaid(emp.*) FROM emp;
2019-01-19 11:42:37.654 MSK [3345] LOG: terminating any other active server
processes
2019-01-19 11:42:37.655 MSK [3351] WARNING: terminating connection because
of crash of another server process
--
Backtrace:
Reading symbols from
/src/postgres/tmp_install/usr/local/pgsql/bin/postgres...done.
[New LWP 3360]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `postgres: law regression [local] SELECT
'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 MakeExpandedObjectReadOnlyInternal (d=1) at expandeddatum.c:100
100 if (!VARATT_IS_EXTERNAL_EXPANDED_RW(DatumGetPointer(d)))
(gdb) bt
#0 MakeExpandedObjectReadOnlyInternal (d=1) at expandeddatum.c:100
#1 0x0000558b3f8ec9c3 in ExecInterpExpr (state=0x558b4119c848,
econtext=0x558b4119c3b0, isnull=<optimized out>)
at execExprInterp.c:588
#2 0x0000558b3f8f78bd in ExecEvalExprSwitchContext (isNull=0x7ffd007f8977,
econtext=0x558b4119c3b0,
state=0x558b4119c848) at ../../../src/include/executor/executor.h:298
#3 ExecProject (projInfo=0x558b4119c840) at
../../../src/include/executor/executor.h:332
#4 ExecScan (node=<optimized out>, accessMtd=0x558b3f917760 <SeqNext>,
recheckMtd=0x558b3f917730 <SeqRecheck>)
at execScan.c:201
#5 0x0000558b3f8ef482 in ExecProcNode (node=0x558b4119c2a0) at
../../../src/include/executor/executor.h:231
#6 ExecutePlan (execute_once=<optimized out>, dest=0x558b4119f570,
direction=<optimized out>, numberTuples=0,
sendTuples=<optimized out>, operation=CMD_SELECT,
use_parallel_mode=<optimized out>, planstate=0x558b4119c2a0,
estate=0x558b4119c060) at execMain.c:1646
#7 standard_ExecutorRun (queryDesc=0x558b41186ab0, direction=<optimized
out>, count=0, execute_once=<optimized out>)
at execMain.c:364
#8 0x0000558b3fa326cd in PortalRunSelect
(portal=portal(at)entry=0x558b41142000, forward=forward(at)entry=true, count=0,
count(at)entry=9223372036854775807, dest=dest(at)entry=0x558b4119f570) at
pquery.c:929
#9 0x0000558b3fa33bee in PortalRun (portal=portal(at)entry=0x558b41142000,
count=count(at)entry=9223372036854775807,
isTopLevel=isTopLevel(at)entry=true, run_once=run_once(at)entry=true,
dest=dest(at)entry=0x558b4119f570,
altdest=altdest(at)entry=0x558b4119f570, completionTag=0x7ffd007f8c10 "")
at pquery.c:770
#10 0x0000558b3fa2f932 in exec_simple_query (query_string=0x558b410db340
"SELECT name, overpaid(emp.*) FROM emp;")
at postgres.c:1215
#11 0x0000558b3fa3189e in PostgresMain (argc=<optimized out>,
argv=argv(at)entry=0x558b411065c0, dbname=<optimized out>,
username=<optimized out>) at postgres.c:4256
#12 0x0000558b3f9bf9a0 in BackendRun (port=0x558b410feb40,
port=0x558b410feb40) at postmaster.c:4378
#13 BackendStartup (port=0x558b410feb40) at postmaster.c:4069
#14 ServerLoop () at postmaster.c:1699
#15 0x0000558b3f9c0958 in PostmasterMain (argc=3, argv=0x558b410d59c0) at
postmaster.c:1372
#16 0x0000558b3f764041 in main (argc=3, argv=0x558b410d59c0) at main.c:228