Re: Undefined behavior detected by new clang's ubsan

On Tue, Jan 20, 2026 at 2:00 PM Alexander Lakhin <exclusion(at)gmail(dot)com> wrote:
> With UBSAN_OPTIONS=print_stacktrace=1, I can see:
> #0 0x607efd762a61 in qsort_arg .../src/port/../../src/include/lib/sort_template.h:314:15
> #1 0x607efd3fa268 in multirange_canonicalize .../src/backend/utils/adt/multirangetypes.c:488:2
> #2 0x607efd3fa268 in make_multirange .../src/backend/utils/adt/multirangetypes.c:655:16

Indeed, there are calls like "make_multirange(mltrngtypoid, rangetyp,
0, NULL);", where 0 is the count and NULL is the ranges. Then
multirange_canonicalize() has

qsort_arg(ranges, input_range_count, sizeof(RangeType *),
range_compare, rangetyp);

I haven't dug further, but I wonder if multirange_canonicalize() does
anything useful at all with "0, NULL" input from make_multirange().
Anyway, the complaint is about this place:

if (n < 7)
{
for (pm = a + ST_POINTER_STEP; pm < a + n * ST_POINTER_STEP;
pm += ST_POINTER_STEP)
...

I don't think it's great to pass a NULL pointer to a sort, but the
length could conceivably be zero for future degenerate cases, so we
could silence the warning by adding "if (n < 2) return;" before the
for-loop. The advantage of doing that anyway is it allows us to remove
all four of the "if (d_ > ST_POINTER_STEP)" branches in the recursion
part. That's better for readability.

--
John Naylor
Amazon Web Services