| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | tharakan(at)gmail(dot)com |
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #17022: SQL causing engine crash |
| Date: | 2021-05-19 14:50:35 |
| Message-ID: | 3430325.1621435835@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
> SQLSmith is constantly crashing v13.3 with SQL(s) that appear linked to a
> PostGIS (v3.0.3) bug - see Error Report below.
Yeah, I agree, it's a postgis bug.
> I decided to post this here (backtracking on an earlier thought), since #0 /
> #1 are postgres functions and I wasn't really sure if the arguments to these
> functions are sanitized. For e.g. whether pg_detoast_datum_slice() is
> expected to check input bounds (count=40 in this case).
The trace shows that gserialized_datum_get_gidx_p is passing a NULL
datum pointer to pg_detoast_datum_slice. Whether the slice length
is appropriate seems like an academic question.
(It does look like that code validates sliceoffset and slicelength
and does something appropriate if they're outside the bounds of
the datum's size. But you gotta have a datum.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | James Coleman | 2021-05-19 14:54:10 | Re: Less selective index chosen unexpectedly |
| Previous Message | Palle | 2021-05-19 14:49:02 | Re: BUG #16696: Backend crash in llvmjit |