| From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Cc: | haogangmao(at)gmail(dot)com |
| Subject: | BUG #19466: Server crash (SIGSEGV) when FETCH after ALTER TYPE during open cursor |
| Date: | 2026-04-25 07:27:28 |
| Message-ID: | 19466-dc32827173299fd4@postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 19466
Logged by: HaoGang Mao
Email address: haogangmao(at)gmail(dot)com
PostgreSQL version: 18.3
Operating system: Linux
Description:
PostgreSQL version: 18.3
OS: Linux (Docker)
Summary:
PostgreSQL crashes with SIGSEGV when a cursor is open over a composite
type and the type is modified via ALTER TYPE during the same transaction,
followed by a second FETCH.
Reproduction steps (minimal):
CREATE TYPE foo AS (a INT, b INT);
BEGIN;
DECLARE c CURSOR FOR
SELECT (i, power(2, 30))::foo
FROM generate_series(1,10) i;
FETCH c;
ALTER TYPE foo ALTER ATTRIBUTE b TYPE TEXT;
FETCH c;
COMMIT;
Expected: Error message (type modified during active cursor)
Actual: Server process terminated with signal 11 (Segmentation fault)
Server log:
client backend (PID 85) was terminated by signal 11: Segmentation fault
Failed process was running: [above SQL]
Hypothesis:
The cursor holds a reference to the tuple descriptor for type "foo".
After ALTER TYPE modifies the type, the descriptor may be invalidated
while the cursor still holds a dangling pointer to it. The second FETCH
dereferences this invalid pointer.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ayush Tiwari | 2026-04-25 10:15:31 | Re: BUG #19466: Server crash (SIGSEGV) when FETCH after ALTER TYPE during open cursor |
| Previous Message | Shishir Sharma | 2026-04-25 06:08:50 | Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod |