On Fri, Dec 12, 2025 at 9:36 AM Robert Haas <[email protected]> wrote:
> At least for me, setting pg_plan_advice.advice to any of these strings
> does not provoke a crash. What I discovered after a bit of
> experimentation is that you get the crash if you (a) set the string to
> something like this and then (b) run an EXPLAIN.

Makes sense (this fuzzer was exercising pgpa_format_advice_target()).

> > With USE_ASSERT_CHECKING, that should help, but I'm not sure if it
> > does without. (I could have sworn there was a conversation about that
> > at some point but I can't remember any of the keywords.) Could also
> > just make a dummy assignment. Or tag pg_plan_advice_dsa_area() with
> > __attribute__((returns_nonnull)), but that's more portability work.
>
> As in initialize ca_pointer to InvalidDsaPointer?

Yeah.

Next bit of fuzzer feedback: I need the following diff in
pgpa_trove_add_to_hash() to avoid a crash when the hashtable starts to
fill up:

> element = pgpa_trove_entry_insert(hash, key, &found);
> + if (!found)
> + element->indexes = NULL;
> element->indexes = bms_add_member(element->indexes, index);

The advice string that triggered this is horrific, but I can send it to
you offline if you're morbidly curious. (I can spend time to minimize it
or I can get more fuzzer coverage, and I'd rather do the latter right
now :D)

--Jacob
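Review bot: the `if (!found)` branch clears only `indexes`; any other payload field in the entry struct that pgpa_trove_entry_insert() hands back would be left in the same uninitialized state on a fresh insert, so consider clearing every non-key field in that branch (or in a small entry-init helper) rather than one field, so that a later addition to the struct cannot reintroduce this crash. The following `bms_add_member(element->indexes, index)` is fine with a NULL input, since bms_add_member allocates a new set in that case.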
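To show why the `if (!found)` guard in the quoted diff matters, here is an added, self-contained C example that is not code from this thread or from pg_plan_advice. It assumes a toy linear-probing table whose `trove_entry_insert()` behaves like the insert routine described above (sets only the key on a fresh slot, reports `found`, leaves the payload alone); a 64-bit bitmap stands in for the `Bitmapset *` field, and the table is deliberately pre-filled with 0xA5 bytes to make uninitialized payload visible, the way a debug allocator would:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_SIZE 16
#define EMPTY_KEY  (-1)

/* Toy stand-in for the trove hash entry (constructed for this example):
 * 'indexes' is a 64-bit bitmap playing the role of the Bitmapset pointer. */
typedef struct
{
    int      key;        /* EMPTY_KEY while the slot is unclaimed */
    uint64_t indexes;    /* payload; deliberately NOT set by insert */
} trove_entry;

typedef struct
{
    trove_entry slots[TABLE_SIZE];
} trove_hash;

/* Mimic a debug allocator: fill the whole table with 0xA5 so that payload
 * bytes nobody initialized are visibly stale, then mark every slot empty. */
void
trove_hash_init(trove_hash *hash)
{
    memset(hash, 0xA5, sizeof(*hash));
    for (int i = 0; i < TABLE_SIZE; i++)
        hash->slots[i].key = EMPTY_KEY;
}

/* Find-or-claim a slot by linear probing.  Like a simplehash-style insert,
 * it sets only the key on a fresh slot and reports through *found whether
 * the key was already present; the rest of the entry is the caller's
 * responsibility.  Returns NULL when the table is full. */
trove_entry *
trove_entry_insert(trove_hash *hash, int key, bool *found)
{
    unsigned    start = (unsigned) key % TABLE_SIZE;

    for (int n = 0; n < TABLE_SIZE; n++)
    {
        trove_entry *e = &hash->slots[(start + n) % TABLE_SIZE];

        if (e->key == key)
        {
            *found = true;
            return e;
        }
        if (e->key == EMPTY_KEY)
        {
            e->key = key;
            *found = false;
            return e;
        }
    }
    return NULL;
}

/* The pattern from the diff: clear the payload only when the entry is new,
 * then accumulate.  Returns the bitmap after the add, or 0 if the table was
 * full (a successful add always has at least one bit set). */
uint64_t
add_to_hash_fixed(trove_hash *hash, int key, int index)
{
    bool        found;
    trove_entry *element = trove_entry_insert(hash, key, &found);

    if (element == NULL)
        return 0;
    if (!found)
        element->indexes = 0;       /* the equivalent of '= NULL' */
    element->indexes |= (uint64_t) 1 << index;
    return element->indexes;
}

/* Same thing without the guard: a fresh slot ORs the new bit into whatever
 * stale bytes were already there, which is the class of bug the fuzzer hit. */
uint64_t
add_to_hash_unguarded(trove_hash *hash, int key, int index)
{
    bool        found;
    trove_entry *element = trove_entry_insert(hash, key, &found);

    if (element == NULL)
        return 0;
    element->indexes |= (uint64_t) 1 << index;
    return element->indexes;
}

int
main(void)
{
    trove_hash  good, bad;

    trove_hash_init(&good);
    trove_hash_init(&bad);
    printf("fixed:     0x%016llx\n", (unsigned long long) add_to_hash_fixed(&good, 7, 3));
    printf("unguarded: 0x%016llx\n", (unsigned long long) add_to_hash_unguarded(&bad, 7, 3));
    return 0;
}
```

With a real Bitmapset pointer the stale bytes become a wild pointer that bms_add_member() dereferences, which is why the symptom only appeared once enough entries had been allocated and reused.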
