From 79c89f1f4e939b7a3f3bb4a76476dcda651cd58b Mon Sep 17 00:00:00 2001 From: Alvaro Herrera Date: Fri, 9 Dec 2016 12:42:17 -0300 Subject: [PATCH] Fix crasher bug in array_position(s) array_position and its cousin array_positions were caching the element type equality function's FmgrInfo without being careful enough to put it in a long-lived context. This is obviously broken but it didn't matter in most cases; only when using arrays of records (involving record_eq) it becomes a problem. The fix is to ensure that the type's equality function's FmgrInfo is cached in the array_position's flinfo->fn_mcxt rather than the current memory context. Apart from record types, the only other case that seems complex enough to possibly cause the same problem are range types. I didn't find a way to reproduce the problem with those, so I only include the test case submitted with the bug report as regression test. Bug report and patch: Junseok Yang Discussion: https://postgr.es/m/CAE+byMupUURYiZ6bKYgMZb9pgV1CYAijJGqWj-90W=nS7uEOeA@mail.gmail.com Backpatch to 9.5, where array_position appeared. --- src/backend/utils/adt/array_userfuncs.c | 6 ++++-- src/test/regress/expected/arrays.out | 14 ++++++++++++++ src/test/regress/sql/arrays.sql | 9 +++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/src/backend/utils/adt/array_userfuncs.c b/src/backend/utils/adt/array_userfuncs.c index 8d6fa41a3c5..9eb678add44 100644 --- a/src/backend/utils/adt/array_userfuncs.c +++ b/src/backend/utils/adt/array_userfuncs.c @@ -795,7 +795,8 @@ array_position_common(FunctionCallInfo fcinfo) format_type_be(element_type)))); my_extra->element_type = element_type; - fmgr_info(typentry->eq_opr_finfo.fn_oid, &my_extra->proc); + fmgr_info_cxt(typentry->eq_opr_finfo.fn_oid, &my_extra->proc, + fcinfo->flinfo->fn_mcxt); } /* Examine each array element until we find a match. */ @@ -933,7 +934,8 @@ array_positions(PG_FUNCTION_ARGS) format_type_be(element_type)))); my_extra->element_type = element_type; - fmgr_info(typentry->eq_opr_finfo.fn_oid, &my_extra->proc); + fmgr_info_cxt(typentry->eq_opr_finfo.fn_oid, &my_extra->proc, + fcinfo->flinfo->fn_mcxt); } /* diff --git a/src/test/regress/expected/arrays.out b/src/test/regress/expected/arrays.out index baccca14afd..59e4472e4fd 100644 --- a/src/test/regress/expected/arrays.out +++ b/src/test/regress/expected/arrays.out @@ -589,6 +589,20 @@ SELECT array_positions('[2:4]={1,2,3}'::int[], 1); {2} (1 row) +SELECT + array_position(ids, (1, 1)), + array_positions(ids, (1, 1)) + FROM +(VALUES + (ARRAY[(0, 0), (1, 1)]), + (ARRAY[(1, 1)]) +) AS f (ids); + array_position | array_positions +----------------+----------------- + 2 | {2} + 1 | {1} +(2 rows) + -- operators SELECT a FROM arrtest WHERE b = ARRAY[[[113,142],[1,147]]]; a diff --git a/src/test/regress/sql/arrays.sql b/src/test/regress/sql/arrays.sql index a2c3db11274..2fbc699f604 100644 --- a/src/test/regress/sql/arrays.sql +++ b/src/test/regress/sql/arrays.sql @@ -262,6 +262,15 @@ $$ LANGUAGE plpgsql; SELECT array_position('[2:4]={1,2,3}'::int[], 1); SELECT array_positions('[2:4]={1,2,3}'::int[], 1); +SELECT + array_position(ids, (1, 1)), + array_positions(ids, (1, 1)) + FROM +(VALUES + (ARRAY[(0, 0), (1, 1)]), + (ARRAY[(1, 1)]) +) AS f (ids); + -- operators SELECT a FROM arrtest WHERE b = ARRAY[[[113,142],[1,147]]]; SELECT NOT ARRAY[1.1,1.2,1.3] = ARRAY[1.1,1.2,1.3] AS "FALSE";