wrong sql statement crashes backend

Hello

I found simply function which is buggy, but it crashes server

CREATE OR REPLACE FUNCTION test(anyarray)
RETURNS anyarray AS $$
SELECT $1[k]; -- k is bug
$$ LANGUAGE sql;
SELECT test(array[10,2,3]);

Correct function works well.

Regards
Pavel Stehule

Output:
postgres=# select version();
version
-------------------------------------------------------------------------------------------------------
PostgreSQL 8.3devel on i686-pc-linux-gnu, compiled by GCC gcc (GCC)
4.1.2 20070502 (Red Hat 4.1.2-12)
(1 row)

postgres=#
postgres=# CREATE OR REPLACE FUNCTION test(anyarray)
postgres-# RETURNS anyarray AS $$
postgres$# SELECT $1[k]; -- k is bug
postgres$# $$ LANGUAGE sql;
CREATE FUNCTION
postgres=# SELECT test(array[10,2,3]);
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.

stack trace:
#0 0x08180f6f in sql_exec_error_callback (arg=0x89a4838) at functions.c:768
768 if (syntaxerrposition > 0 && fcache->src)
(gdb) bt
#0 0x08180f6f in sql_exec_error_callback (arg=0x89a4838) at functions.c:768
#1 0x0829ef79 in errfinish (dummy=0) at elog.c:315
#2 0x08119066 in transformExpr (pstate=0x89a5338, expr=0x89a5144) at
parse_expr.c:416
#3 0x0811ca06 in transformArraySubscripts (pstate=0x89a5338,
arrayBase=0x89a5078, arrayType=1007, elementType=23, elementTypMod=-1,
indirection=0x89a5424, assignFrom=0x0) at parse_node.c:236
#4 0x08118d88 in transformExpr (pstate=0x89a5338, expr=0x89a5204) at
parse_expr.c:335
#5 0x081263bc in transformTargetEntry (pstate=0x89a5338,
node=0x89a5204, expr=0x0, colname=0x0, resjunk=0 '\0') at
parse_target.c:74
#6 0x08126894 in transformTargetList (pstate=0x89a5338,
targetlist=0x89a5260) at parse_target.c:146
#7 0x080fe27c in transformStmt (pstate=0x89a5338,
parseTree=0x89a527c, extras_before=0xbf94d0a8,
extras_after=0xbf94d0a4)
at analyze.c:2070
#8 0x080ffa7b in do_parse_analyze (parseTree=0xb5954378,
pstate=0x89a5338) at analyze.c:260
#9 0x081008ca in parse_analyze (parseTree=0x89a527c,
sourceText=0x89a504c "\n SELECT $1[k]; -- k is bug\n",
paramTypes=0x89a5038,
numParams=1) at analyze.c:182
#10 0x082114ce in pg_analyze_and_rewrite (parsetree=0x89a527c,
query_string=0x89a504c "\n SELECT $1[k]; -- k is bug\n",
paramTypes=0x89a5038, numParams=1) at postgres.c:578
#11 0x0821212d in pg_parse_and_rewrite (query_string=0x89a504c "\n
SELECT $1[k]; -- k is bug\n", paramTypes=0x89a5038, numParams=1)
at postgres.c:505
#12 0x0818180c in fmgr_sql (fcinfo=0xbf94d1e8) at functions.c:251
#13 0x081796ac in ExecMakeFunctionResult (fcache=0x89a4828, econtext=0x89a4790,
isNull=0x89a4e8c "\177~\177\177\177\177\177\177��\226\b@",
isDone=0x89a4eec) at execQual.c:1280
#14 0x08177782 in ExecProject (projInfo=0x89a4ea0, isDone=0xbf94d4ac)
at execQual.c:4558
#15 0x0818a60d in ExecResult (node=0x89a4704) at nodeResult.c:155
#16 0x08177045 in ExecProcNode (node=0x89a4704) at execProcnode.c:319
#17 0x0817626b in ExecutorRun (queryDesc=0x899632c,
direction=ForwardScanDirection, count=0) at execMain.c:1114
#18 0x0821528b in PortalRunSelect (portal=0x89942cc, forward=<value
optimized out>, count=0, dest=0x8989d20) at pquery.c:943
#19 0x08216482 in PortalRun (portal=0x89942cc, count=2147483647,
isTopLevel=1 '\001', dest=0x8989d20, altdest=0x8989d20,
completionTag=0xbf94d6fa "") at pquery.c:797
#20 0x08211d63 in exec_simple_query (query_string=0x89894bc "SELECT
test(array[10,2,3]);") at postgres.c:958
#21 0x08213326 in PostgresMain (argc=4, argv=<value optimized out>,
username=0x89116f0 "pavel") at postgres.c:3505
#22 0x081e4f22 in ServerLoop () at postmaster.c:2987
#23 0x081e5c67 in PostmasterMain (argc=3, argv=0x890e490) at postmaster.c:967
#24 0x08199850 in main (argc=3, argv=Cannot access memory at address 0x5
) at main.c:188
(gdb)