Re: BUG #3860: xpath crashes backend when is querying xmlagg result

Sokolov Yura escribió:

> -------- bg1.sql---------------
> -- crashed, when queries xmlelement with containment given by xmlagg
> -- and type of aggregated elements is different
> select xpath('any_non_empty_expression', xmlelement(name a, xmlagg(el) )) as
> el
> from ( values
> ( xmlelement(name b, 0) ), -- integer
> ( xmlelement(name c, 0.1) ) -- numeric, string crashe backend
> -- on 32bit Debian float4 and float8 does
> not
> -- on 64 bit Debian float4 does but float8
> not
> -- order is irrelevant
> ) as t(el);
> -----end bg1.sql --------------

I can reproduce this crash. The backtrace looks like this:

(gdb) bt
#0 0x000000000076a06e in pfree (pointer=0xc4b1c8) at /pgsql/source/00head/src/backend/utils/mmgr/mcxt.c:589
#1 0x000000000072c773 in xml_pfree (ptr=0xc4b1c8) at /pgsql/source/00head/src/backend/utils/adt/xml.c:1342
#2 0x00002b7c3b3ecb12 in xmlCleanupCharEncodingHandlers () from /usr/lib/libxml2.so.2
#3 0x00002b7c3b3f4d75 in xmlCleanupParser () from /usr/lib/libxml2.so.2
#4 0x0000000000730778 in xpath (fcinfo=0x7fff6f909d70) at /pgsql/source/00head/src/backend/utils/adt/xml.c:3441
#5 0x000000000058dc89 in ExecMakeFunctionResult (fcache=0xc40780, econtext=0xc40688, isNull=0xc416f8 "",
isDone=0xc417b0) at /pgsql/source/00head/src/backend/executor/execQual.c:1351
#6 0x000000000058e587 in ExecEvalFunc (fcache=0xc40780, econtext=0xc40688, isNull=0xc416f8 "", isDone=0xc417b0)
at /pgsql/source/00head/src/backend/executor/execQual.c:1753
#7 0x0000000000594ed6 in ExecTargetList (targetlist=0xc40f08, econtext=0xc40688, values=0xc416d8,
isnull=0xc416f8 "", itemIsDone=0xc417b0, isDone=0x0)
at /pgsql/source/00head/src/backend/executor/execQual.c:4601
#8 0x00000000005953a9 in ExecProject (projInfo=0xc41718, isDone=0x0)
at /pgsql/source/00head/src/backend/executor/execQual.c:4802
#9 0x000000000059b5e4 in agg_retrieve_direct (aggstate=0xc40378)
at /pgsql/source/00head/src/backend/executor/nodeAgg.c:989
#10 0x000000000059b2e0 in ExecAgg (node=0xc40378) at /pgsql/source/00head/src/backend/executor/nodeAgg.c:816
#11 0x000000000058b34b in ExecProcNode (node=0xc40378)
at /pgsql/source/00head/src/backend/executor/execProcnode.c:394
#12 0x0000000000588a60 in ExecutePlan (estate=0xc3fe48, planstate=0xc40378, operation=CMD_SELECT, numberTuples=0,
direction=ForwardScanDirection, dest=0xc30fc0) at /pgsql/source/00head/src/backend/executor/execMain.c:1233
#13 0x000000000058721a in ExecutorRun (queryDesc=0xc08ed8, direction=ForwardScanDirection, count=0)
at /pgsql/source/00head/src/backend/executor/execMain.c:267
#14 0x000000000066692b in PortalRunSelect (portal=0xc37228, forward=1 '\001', count=0, dest=0xc30fc0)
at /pgsql/source/00head/src/backend/tcop/pquery.c:943
#15 0x000000000066657b in PortalRun (portal=0xc37228, count=9223372036854775807, isTopLevel=1 '\001',
dest=0xc30fc0, altdest=0xc30fc0, completionTag=0x7fff6f90a6e0 "")
at /pgsql/source/00head/src/backend/tcop/pquery.c:769
#16 0x0000000000660a1f in exec_simple_query (
query_string=0xbf3868 "select xpath('any_non_empty_expression', xmlelement(name a, xmlagg(el) )) as el\nfrom ( v
alues ( xmlelement(name b, 0) ), ( xmlelement(name c, 0.1) ) ) as t(el);")
at /pgsql/source/00head/src/backend/tcop/postgres.c:963
#17 0x0000000000664917 in PostgresMain (argc=4, argv=0xb4ca28, username=0xb4c9d8 "alvherre")
at /pgsql/source/00head/src/backend/tcop/postgres.c:3535
#18 0x000000000062609c in BackendRun (port=0xb72400)
at /pgsql/source/00head/src/backend/postmaster/postmaster.c:3180
#19 0x00000000006255de in BackendStartup (port=0xb72400)
at /pgsql/source/00head/src/backend/postmaster/postmaster.c:2803

--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support