Re: segmentation fault in pg head with SQL function.

Fri, 16 Mar 2018 00:09:12 -0700 

On Fri, Mar 16, 2018 at 11:35:13AM +0530, Prabhat Sahu wrote:
> I found a segmentation fault  on pg master Head with below steps and
> stacktrace.
> 
> postgres=# CREATE OR REPLACE FUNCTION func1() RETURNS VOID
> LANGUAGE SQL
> AS $$
> select 10;
> $$;
> CREATE FUNCTION
> 
> postgres=# select func1();
> server closed the connection unexpectedly
> This probably means the server terminated abnormally
> before or while processing the request.
> The connection to the server was lost. Attempting reset: Failed.
> !> \q

(Adding Peter and Tom in CC)

Problem reproducible here, and the bug has been introduced by fd1a421f.
It seems to me that the function should not be authorized to be created
to begin with, as it returns an integer in its last query, where I think
that check_sql_fn_retval is doing it wrong when called in
inline_function() as we know that it handles a function, and not a
procedure thanks to the first sanity checks at the top of the function.

Here is what happens before this commit:
=# CREATE OR REPLACE FUNCTION func1() RETURNS VOID
LANGUAGE SQL
AS $$
select 10;
$;
ERROR:  42P13: return type mismatch in function declared to return void
DETAIL:  Actual return type is integer.
CONTEXT:  SQL function "func1"
LOCATION:  check_sql_fn_retval, functions.c:1655

As far as I can see, here is the faulty code:
-   if (!rettype)
+   /*
+    * If it's declared to return VOID, we don't care what's in the function.
+    * (This takes care of the procedure case, as well.)
+    */
+   if (rettype == VOIDOID)
        return false;

While this can be bypassed for a procedure, we should fall down and fail
for a SQL function returning void depending on the tlist generated by
the last SQL query.

@@ -1624,8 +1622,7 @@ check_sql_fn_retval(Oid func_id, Oid rettype, List 
*queryTreeList,
    if (fn_typtype == TYPTYPE_BASE ||
        fn_typtype == TYPTYPE_DOMAIN ||
        fn_typtype == TYPTYPE_ENUM ||
-       fn_typtype == TYPTYPE_RANGE ||
-       rettype == VOIDOID)
+       fn_typtype == TYPTYPE_RANGE
This also causes the error message generated to change.

Peter, what's the intention here?  Shouldn't void still be treated as a
scalar type?
--
Michael

Attachment: signature.asc
Description: PGP signature

Reply via email to