Paul Ramsey <pram...@cleverelephant.ca> writes:
> This extremely odd case [2] came in via a report using a lot of PostGIS
> functions, but it can be reconfigured into a pure-PostgreSQL crasher [1].

Thanks for the report! Looks like estimate_array_length() is incautiously assuming that the "root" pointer it receives will never be NULL.

The overall code path here is eval_const_expressions -> simplify_function -> cost_qual_eval -> estimate_array_length, and the proximate cause of root being NULL is that simplify_function/inline_function don't take a root pointer, so they pass NULL root to cost_qual_eval.

We could change their signatures ... but it's explicitly documented that eval_const_expressions allows NULL for root, so there would presumably still be code paths that'd fail. It looks like the only safe fix is to ensure that estimate_array_length will cope with NULL for root.

regards, tom lane
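
The call chain described in the message above, as an added example that is not part of the original message and is not PostgreSQL's code: a simplified C model in which the middle of the chain has no context parameter, so the leaf estimator has to tolerate NULL. All `model_*` names, both structs and the fallback value are hypothetical stand-ins.

```c
#include <stddef.h>

/* Hypothetical, simplified stand-ins; not PostgreSQL's real definitions. */
typedef struct PlannerCtx { double avg_array_elems; } PlannerCtx; /* plays "root" */
typedef struct ArrayArg { int is_const; int const_nelems; } ArrayArg;

#define DEFAULT_ARRAY_ELEMS 10.0 /* constructed fallback guess */

/* Leaf estimator: must cope with ctx == NULL because callers may lack one. */
double model_estimate_array_length(const PlannerCtx *ctx, const ArrayArg *arr)
{
    if (arr != NULL && arr->is_const)
        return (double) arr->const_nelems;  /* exact count, needs no context */
    if (ctx != NULL && ctx->avg_array_elems > 0)
        return ctx->avg_array_elems;        /* statistics path: only with a context */
    return DEFAULT_ARRAY_ELEMS;             /* no context: use the default guess */
}

/* Costing passes whatever context it was given straight through. */
double model_cost_qual_eval(const PlannerCtx *ctx, const ArrayArg *arr,
                            double per_elem_cost)
{
    return per_elem_cost * model_estimate_array_length(ctx, arr);
}

/* Inlining step takes no context parameter, so it can only hand NULL down. */
double model_simplify_function(const ArrayArg *arr)
{
    return model_cost_qual_eval(NULL, arr, 1.0);
}

/* Entry point whose contract allows ctx == NULL. */
double model_eval_const_expressions(const PlannerCtx *ctx, const ArrayArg *arr)
{
    (void) ctx; /* not forwarded: the inlining step has nowhere to put it */
    return model_simplify_function(arr);
}

int main(void)
{
    ArrayArg column = {0, 0};   /* non-constant array argument */
    PlannerCtx ctx = {42.0};    /* constructed statistics value */
    /* Even with a valid context at the top, the leaf sees NULL. */
    return model_eval_const_expressions(&ctx, &column) == DEFAULT_ARRAY_ELEMS ? 0 : 1;
}
```

Removing the `ctx != NULL` test in `model_estimate_array_length` reproduces the class of crash the message describes, which is why the guard belongs in the leaf rather than in any one caller.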