Quick Links

Re: BUG #19384: Server crash at textout

From:	Rahila Syed <rahilasyed90(at)gmail(dot)com>
To:	dllggyx(at)outlook(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject:	Re: BUG #19384: Server crash at textout
Date:	2026-01-20 11:15:31
Message-ID:	CAH2L28tTiH2wNq4tDLcHr2B2NG=kMunJmNfYj5L5tMhQukVnJA@mail.gmail.com
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

Hi,

On Tue, Jan 20, 2026 at 2:29 PM PG Bug reporting form <
noreply(at)postgresql(dot)org> wrote:

> The following bug has been logged on the website:
>
> Bug reference: 19384
> Logged by: Yuxiao Guo
> Email address: dllggyx(at)outlook(dot)com
> PostgreSQL version: 17.7
> Operating system: Ubuntu 20.04 x86-64, docker image postgres:17.7
> Description:
>
> Hi, I found a crash in PostgreSQL. Here are the details:
>
> PoC:
> DROP TYPE IF EXISTS foo CASCADE;
> CREATE TYPE foo AS (a INT, b INT);
> BEGIN;
> DECLARE c CURSOR FOR SELECT (i, power(2, 30))::foo FROM
> generate_series(1,10) i;
> FETCH c;
> ALTER TYPE foo ALTER ATTRIBUTE b TYPE TEXT;
> FETCH c;
>
>
> Stacktrace:
> #0 0x7ae1c818a00b (gsignal+0xcb)
> #1 0x7ae1c8169859 (abort+0x12b)
> #2 0x542fa7 (_ZN11__sanitizer5AbortEv+0x47)
> #3 0x5414d1 (_ZN11__sanitizer3DieEv+0xc1)
> #4 0x528a14 (_ZN6__asan19ScopedInErrorReportD2Ev+0x1c4)
> #5 0x52a5da (_ZN6__asan18ReportGenericErrorEmmmmbmjb+0x5ba)
> #6 0x523ef6 (__asan_memcpy+0x1d6)
> #7 0x17772d5 (textout+0x1b5)
> #8 0x1835834 (OutputFunctionCall+0x174)
> #9 0x167a568 (record_out+0x828)
> #10 0x1835834 (OutputFunctionCall+0x174)
> #11 0x595848 (printtup+0x958)
> #12 0x1336280 (RunFromStore+0x1d0)
> #13 0x1333ec0 (PortalRunSelect+0x150)
> #14 0x133321d (PortalRun+0x51d)
> #15 0x132f1de (exec_simple_query+0x146e)
> #16 0x1328627 (PostgresMain+0x2c57)
> #17 0x13192e4 (BackendMain+0xe4)
> #18 0x10a26c3 (postmaster_child_launch+0x193)
> #19 0x10adb91 (ServerLoop+0x4821)
> #20 0x10a76ec (PostmasterMain+0x241c)
> #21 0xd5c2b8 (main+0x458)
> #22 0x7ae1c816b083 (__libc_start_main+0xf3)
> #23 0x4a9c6e (_start+0x2e)
>
>
>
This problem is reproducible, also the issue seems to be linked to cursors
since the type cast with only SELECT statements runs fine.

CREATE TYPE foo AS (a INT, b INT);
ALTER TYPE foo ALTER ATTRIBUTE b TYPE TEXT;

postgres=# SELECT (i, power(2, 30))::foo FROM
generate_series(1,10) i;
row
-----------------
(1,1073741824)
(2,1073741824)
(3,1073741824)
(4,1073741824)
(5,1073741824)
(6,1073741824)
(7,1073741824)
(8,1073741824)
(9,1073741824)
(10,1073741824)
(10 rows)

Also, it happens only if ALTER TYPE to TEXT is run after DECLARING the
cursor.

Another observation is that when I lower the exponent to 10, the crash no
longer occurs,
but the output is different.

CREATE TYPE foo AS (a INT, b INT);
BEGIN;
DECLARE c CURSOR FOR SELECT (i, power(2, 10))::foo FROM
generate_series(1,10) i;
DECLARE CURSOR
FETCH c;
row
----------
(1,1024)
(1 row)

ALTER TYPE foo ALTER ATTRIBUTE b TYPE TEXT;
FETCH c;
row
----------
(2,\x10)
(1 row)

Thank you,
Rahila Syed

In response to

BUG #19384: Server crash at textout at 2026-01-20 05:11:17 from PG Bug reporting form

Responses

Re: BUG #19384: Server crash at textout at 2026-01-20 15:03:50 from Pierre Forstmann

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Pierre Forstmann	2026-01-20 15:03:50	Re: BUG #19384: Server crash at textout
Previous Message	Kirill Reshke	2026-01-20 09:47:17	Re: BUG #19382: Server crash at __nss_database_lookup