BUG #2697: 8.2beta1 SIGSEGV crash/assertion on insert statement w/ sub-select and placeholders

Since it seems this mail got lost in the depths of maintainer
approval, pardon my resend.

The following bug has been logged online:

Bug reference: 2697
Logged by: Rusty Conover
Email address: rconover(at)infogears(dot)com
PostgreSQL version: 8.2beta1
Operating system: Fedora Core 5
Description: SIGSEGV crash/assertion on insert statement w/
subselect (very simple test case)
Details:

8.2beta1 postgres crashes with an assertion failure (or segv when built
without assertions) on these steps via perl DBD::Pg 1.49:

======== Begin example =========
$dbh->begin_work();
my @statements_1 = (
"create temp table foo(id integer) WITHOUT OIDS ON COMMIT DROP",
"create temp table bar(id integer, a integer) WITHOUT OIDS ON
COMMIT DROP",
"insert into foo (id) values (5)",
);
foreach my $s (@statements_1) {
$dbh->do($s) || die("failed to execute: $s " . $dbh->errstr());
}
# This causes the crash...
$dbh->do("insert into bar (id, a) select id, ? from foo", undef, 5)
|| die("Failed to execute");

$dbh->rollback();
$dbh->disconnect();
======== End example =========

This code works fine in 8.1.4.

rconover=# select version();
version
------------------------------------------------------------------------
------------------------------
PostgreSQL 8.2beta1 on i686-pc-linux-gnu, compiled by GCC gcc (GCC)
4.1.0 20060304 (Red Hat 4.1.0-3)

From the logs:

LOG: statement: begin
LOG: statement: create temp table foo(id integer) WITHOUT OIDS ON
COMMIT DROP
LOG: statement: create temp table bar(id integer, a integer) WITHOUT
OIDS ON COMMIT DROP
LOG: statement: insert into foo (id) values (5)
LOG: execute <unnamed>: insert into bar (id, a) select id, $1 from foo
DETAIL: parameters: $1 = '5'
TRAP: FailedAssertion("!(n < list->length)", File: "list.c", Line: 392)
LOG: server process (PID 21539) was terminated by signal 6

Mean while this works fine via psql:

begin;
create temp table foo(id integer) WITHOUT OIDS ON COMMIT DROP;
create temp table bar(id integer, a integer) WITHOUT OIDS ON COMMIT
DROP;
insert into foo (id) values (5);
prepare foobar (integer) as insert into bar (id, a) select id, $1
from foo;
execute foobar(5);
commit;

It would appear that a separate branch of code is getting used when
you do a named prepare.

Here is the gdb backtrace to the assertion:

#4 0x0818c2f1 in list_nth_cell (list=0x8bc54fc, n=2) at list.c:392
392 Assert(n < list->length);
(gdb) bt
#0 0x00320402 in __kernel_vsyscall ()
#1 0x004f2159 in raise () from /lib/libc.so.6
#2 0x004f36e3 in abort () from /lib/libc.so.6
#3 0x0827a031 in ExceptionalCondition (conditionName=Variable
"conditionName" is not available.) at assert.c:51
#4 0x0818c2f1 in list_nth_cell (list=0x8bc54fc, n=2) at list.c:392
#5 0x0818c45d in list_nth (list=0x8bc54fc, n=2) at list.c:413
#6 0x08171217 in ExecOpenScanRelation (estate=0x8bde02c,
scanrelid=3) at execUtils.c:823
#7 0x0817b7dd in ExecInitSeqScan (node=0x8bdd420,
estate=0x8bde02c,eflags=0) at nodeSeqscan.c:150
#8 0x08169431 in ExecInitNode (node=0x8bdd420, estate=0x8bde02c,
eflags=0) at execProcnode.c:164
#9 0x08167018 in ExecutorStart (queryDesc=0x8bdd5f0, eflags=0) at
execMain.c:628
#10 0x081fdc26 in ProcessQuery (parsetree=Variable "parsetree" is not
available.) at pquery.c:152
#11 0x081feb57 in PortalRunMulti (portal=0x8baf89c,
dest=0x83570b4,altdest=0x83570b4, completionTag=0xbf872080 "") at
pquery.c:1145
#12 0x081ff4bd in PortalRun (portal=0x8baf89c,
count=2147483647,dest=0x8b90ed0, altdest=0x8b90ed0,
completionTag=0xbf872080 "") at pquery.c:700
#13 0x081fbf40 in PostgresMain (argc=4, argv=Variable "argv" is not
available.) at postgres.c:1775
#14 0x081d08d2 in ServerLoop () at postmaster.c:2848
#15 0x081d1644 in PostmasterMain (argc=4, argv=0x8b301a0) at
postmaster.c:950
#16 0x0818b9b0 in main (argc=4, argv=Cannot access memory at address
0x5442

If I can be of assistance please feel free to contact me.

Thanks,

Rusty
--
Rusty Conover
InfoGears Inc.
Web: http://www.infogears.com