Re: BUG #15514: process fails on jsonb_populate_recordset query. see simple example below

From: Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>
To: 4321ip(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #15514: process fails on jsonb_populate_recordset query. see simple example below
Date: 2018-11-20 23:21:39
Message-ID: CAJrrPGeUJFmXwv=gZgh==MpbS+VU50+esAUHc=zC6eoWDH3RMA@mail.gmail.com
Lists: pgsql-bugs

On Wed, Nov 21, 2018 at 7:50 AM PG Bug reporting form <
noreply(at)postgresql(dot)org> wrote:

> The following bug has been logged on the website:
>
> Bug reference: 15514
> Logged by: 4321ip
> Email address: 4321ip(at)gmail(dot)com
> PostgreSQL version: 11.1
> Operating system: Windows Server 2012 64bit
> Description:
>
> CREATE TYPE myrowtype AS
> (
> field jsonb,
> rank double precision
> );
> SELECT * FROM jsonb_populate_recordset(NULL :: myrowtype, '[]');
>
> .....
> Connection to the server has been lost.
>

Thanks for the report. I am able to reproduce the crash in HEAD.
Following is the back trace of the crash.

Program received signal SIGSEGV, Segmentation fault.
0x000000000048cc63 in CreateTupleDescCopy (tupdesc=0x0) at tupdesc.c:117
117 desc = CreateTemplateTupleDesc(tupdesc->natts, tupdesc->tdhasoid);
(gdb) bt
#0 0x000000000048cc63 in CreateTupleDescCopy (tupdesc=0x0) at tupdesc.c:117
#1 0x000000000094fd4c in populate_recordset_worker (fcinfo=0x7ffc5fba0ee0,
funcname=0xc5afe1 "jsonb_populate_recordset", is_json=false,
have_record_arg=true) at jsonfuncs.c:3742
#2 0x000000000094f534 in jsonb_populate_recordset (fcinfo=0x7ffc5fba0ee0)
at jsonfuncs.c:3497
#3 0x00000000006e01c3 in ExecMakeTableFunctionResult (setexpr=0x10d2828,
econtext=0x10d26d8, argContext=0x10d6270, expectedDesc=0x10d3b40,
randomAccess=false) at execSRF.c:231
#4 0x00000000006f36b4 in FunctionNext (node=0x10d25c0) at
nodeFunctionscan.c:94
#5 0x00000000006df9f4 in ExecScanFetch (node=0x10d25c0, accessMtd=0x6f35f7
<FunctionNext>, recheckMtd=0x6f39f3 <FunctionRecheck>) at execScan.c:95
#6 0x00000000006dfa69 in ExecScan (node=0x10d25c0, accessMtd=0x6f35f7
<FunctionNext>, recheckMtd=0x6f39f3 <FunctionRecheck>) at execScan.c:145
#7 0x00000000006f3a3d in ExecFunctionScan (pstate=0x10d25c0) at
nodeFunctionscan.c:270
#8 0x00000000006ddd60 in ExecProcNodeFirst (node=0x10d25c0) at
execProcnode.c:445
#9 0x00000000006d2ef6 in ExecProcNode (node=0x10d25c0) at
../../../src/include/executor/executor.h:237
#10 0x00000000006d5743 in ExecutePlan (estate=0x10d2368,
planstate=0x10d25c0, use_parallel_mode=false, operation=CMD_SELECT,
sendTuples=true, numberTuples=0, direction=ForwardScanDirection,
dest=0x10cf788,
execute_once=true) at execMain.c:1707
#11 0x00000000006d3516 in standard_ExecutorRun (queryDesc=0x1031ff8,
direction=ForwardScanDirection, count=0, execute_once=true) at
execMain.c:364
#12 0x00007f4b2739f7bd in pgss_ExecutorRun (queryDesc=0x1031ff8,
direction=ForwardScanDirection, count=0, execute_once=true) at
pg_stat_statements.c:893
#13 0x00000000006d3325 in ExecutorRun (queryDesc=0x1031ff8,
direction=ForwardScanDirection, count=0, execute_once=true) at
execMain.c:305
#14 0x00000000008bca5c in PortalRunSelect (portal=0x1073fc8, forward=true,
count=0, dest=0x10cf788) at pquery.c:932
#15 0x00000000008bc6fb in PortalRun (portal=0x1073fc8,
count=9223372036854775807, isTopLevel=true, run_once=true, dest=0x10cf788,
altdest=0x10cf788, completionTag=0x7ffc5fba1860 "") at pquery.c:773
#16 0x00000000008b6740 in exec_simple_query (query_string=0x100ddd8 "SELECT
* FROM jsonb_populate_recordset(NULL :: myrowtype, '[]');") at
postgres.c:1215
#17 0x00000000008ba9ed in PostgresMain (argc=1, argv=0x1038660,
dbname=0x10384a0 "postgres", username=0x100a7f8 "Kommih") at postgres.c:4243
#18 0x0000000000818d32 in BackendRun (port=0x1030480) at postmaster.c:4377
#19 0x0000000000818510 in BackendStartup (port=0x1030480) at
postmaster.c:4068
#20 0x00000000008149fa in ServerLoop () at postmaster.c:1700
#21 0x00000000008142b0 in PostmasterMain (argc=3, argv=0x1008760) at
postmaster.c:1373
#22 0x000000000073d2b5 in main (argc=3, argv=0x1008760) at main.c:228
(gdb) q

When the data is NULL, there is no data to populate and the tupleDesc is
not updated. Accessing the NULL pointer leads to the crash. The attached
quick, simple patch fixes the problem.

Regards,
Haribabu Kommi
Fujitsu Australia

Attachment Content-Type Size
0001-jsonb_populate_recordset-crash-fix.patch application/octet-stream 988 bytes
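
A simplified model of the failure described in this message, added here as an illustration; it is not PostgreSQL source and not the attached patch. The types and function names (Desc, State, populate_one, result_desc_unguarded, result_desc_guarded) are hypothetical, and the guard shown is one possible fix, assumed rather than taken from the patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for a tuple descriptor (not PostgreSQL's TupleDesc). */
typedef struct { int natts; } Desc;

/* Per-call state: the descriptor is cached lazily, while processing elements. */
typedef struct { Desc *cached; int rows; } State;

static Desc *desc_new(int natts) {
    Desc *d = malloc(sizeof *d);
    if (!d) abort();
    d->natts = natts;
    return d;
}

/* Like frame #0 in the backtrace: dereferences its argument with no NULL check. */
static Desc *desc_copy(const Desc *src) { return desc_new(src->natts); }

/* Processing one array element fills the cache as a side effect. */
static void populate_one(State *st, int row_natts) {
    if (st->cached == NULL) st->cached = desc_new(row_natts);
    st->rows++;
}

/* Unguarded: fine for n >= 1, NULL dereference for n == 0 (the '[]' input). */
Desc *result_desc_unguarded(State *st, int n, int row_natts) {
    for (int i = 0; i < n; i++) populate_one(st, row_natts);
    return desc_copy(st->cached);
}

/* Guarded: resolve the descriptor from the declared row type before copying,
 * so the result shape no longer depends on the input being non-empty. */
Desc *result_desc_guarded(State *st, int n, int row_natts) {
    for (int i = 0; i < n; i++) populate_one(st, row_natts);
    if (st->cached == NULL) st->cached = desc_new(row_natts);
    return desc_copy(st->cached);
}

int main(void) {
    State empty = {0}, two = {0};
    Desc *a = result_desc_guarded(&empty, 0, 2);  /* empty array, 2-column row type */
    Desc *b = result_desc_guarded(&two, 2, 2);    /* constructed two-element input */
    printf("empty: natts=%d rows=%d\n", a->natts, empty.rows);
    printf("two:   natts=%d rows=%d\n", b->natts, two.rows);
    free(a); free(b); free(empty.cached); free(two.cached);
    return 0;
}
```

A regression test for this class of bug should always include the zero-element input, since every non-empty input hides the missing initialization.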
