Hi,
My colleague, Alex Kozhemyakin, stumbled upon a bug in DefineRange().
The problem is here:
@@ -1707,7 +1707,6 @@ DefineRange(ParseState *pstate,
CreateRangeStmt *stmt)
/* Create cast from the range type to its multirange type */
CastCreate(typoid, multirangeOid, castFuncOid, 'e', 'f',
DEPENDENCY_INTERNAL);
- pfree(multirangeTypeName);
pfree(multirangeArrayName);
return address;
Given a query
create type textrange1 as range(subtype=text,
multirange_type_name=multirange_of_text, collation="C");
the string "multirange_of_text" in the parse tree is erroneously
pfree'd. The corrupted parse tree is then passed to event triggers.
There is another branch in DefineRange() that genereates a multirange
type name which is fine to free.
I wonder what is the proper fix. Just drop pfree() altogether or add
pstrdup() instead? I see that makeMultirangeTypeName() doesn't bother
freeing its buf.
Here is a gdb session demonstating the bug:
Breakpoint 1, ProcessUtilitySlow (pstate=0x5652e80c7730,
pstmt=0x5652e80a6a40, queryString=0x5652e80a5790 "create type textrange1
as range(subtype=text, multirange_type_name=multirange_of_text,
collation=\"C\");",
context=PROCESS_UTILITY_TOPLEVEL, params=0x0, queryEnv=0x0,
qc=0x7ffe835b4be0, dest=<optimized out>) at
/pgwork/REL_14_STABLE/src/src/backend/tcop/utility.c:1621
1621 address = DefineRange((CreateRangeStmt *)
parsetree);
(gdb) p *(Value *)((TypeName *)((DefElem *)((CreateRangeStmt
*)parsetree)->params->elements[1].ptr_value)->arg)->names->elements[0].ptr_value
$1 = {type = T_String, val = {ival = -401972176, str = 0x5652e80a6430
"multirange_of_text"}}
(gdb) n
1900 if (!commandCollected)
(gdb) p *(Value *)((TypeName *)((DefElem *)((CreateRangeStmt
*)parsetree)->params->elements[1].ptr_value)->arg)->names->elements[0].ptr_value
$2 = {type = T_String, val = {ival = -401972176, str = 0x5652e80a6430
'\177' <repeats 32 times>, "\020"}}
Regards,
--
Sergey Shinderuk https://postgrespro.com/
