pgsql: Fix jsonb_object_agg crash after eliminating null-valued pairs.

Fix jsonb_object_agg crash after eliminating null-valued pairs.

In commit b61aa76e4 I added an assumption in jsonb_object_agg_finalfn
that it'd be okay to apply uniqueifyJsonbObject repeatedly to a
JsonbValue. I should have studied that code more closely first,
because in skip_nulls mode it removed leading nulls by changing the
"pairs" array start pointer. This broke the data structure's
invariants in two ways: pairs no longer references a repalloc-able
chunk, and the distance from pairs to the end of its array is less
than parseState->size. So any subsequent addition of more pairs is
at high risk of clobbering memory and/or causing repalloc to crash.
Unfortunately, adding more pairs is exactly what will happen when the
aggregate is being used as a window function.

Fix by rewriting uniqueifyJsonbObject to not do that. The prior
coding had little to recommend it anyway.

Reported-by: Alexander Lakhin <exclusion(at)gmail(dot)com>
Author: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Discussion: https://postgr.es/m/ec5e96fb-ee49-4e5f-8a09-3f72b4780538@gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/ef5f559b95e2883c32d20d309d316f0572fd84b5

Modified Files
--------------
src/backend/utils/adt/jsonb.c | 7 ++++--
src/backend/utils/adt/jsonb_util.c | 49 +++++++++++++++----------------------
src/test/regress/expected/jsonb.out | 32 ++++++++++++++++++++++++
src/test/regress/sql/jsonb.sql | 6 +++++
4 files changed, 63 insertions(+), 31 deletions(-)