use plproxy cluster causes postgres Segmentation fault #49
Description
When I repeatedly execute the following SQL in sequence:
select * from dynamic_query($$ select (1,2) $$) as t(a record[]);
select * from dynamic_query($$ select '{a}'::varchar[] $$) as t(a varchar[]);
the master database Segmentation fault.Blow is the core file:
Missing separate debuginfos, use: debuginfo-install glibc-2.17-292.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) bt
#0 GetMemoryChunkMethodID (pointer=0xae000000003) at mcxt.c:1457
#1 pfree (pointer=0xae000000003) at mcxt.c:1463
#2 0x00007f327b763a26 in plproxy_free_type (type=0x2c3c6d8) at src/type.c:200
#3 0x00007f327b763a7d in plproxy_free_composite (rec=0x2c3c688) at src/type.c:183
#4 0x00007f327b761a27 in fn_refresh_record (fcinfo=fcinfo@entry=0x2c540b0, func=func@entry=0x2c3c450, proc_tuple=0x7f3234eb8530) at src/function.c:473
#5 0x00007f327b7624d0 in plproxy_compile_and_cache (fcinfo=fcinfo@entry=0x2c540b0) at src/function.c:599
#6 0x00007f327b76269c in compile_and_execute (fcinfo=fcinfo@entry=0x2c540b0) at src/main.c:179
#7 0x00007f327b762b7f in handle_ret_set (fcinfo=0x2c540b0) at src/main.c:214
#8 plproxy_call_handler (fcinfo=0x2c540b0) at src/main.c:254
#9 0x0000000000679f3d in ExecMakeTableFunctionResult (setexpr=0x2c3fae8, econtext=0x2c3f9d0, argContext=, expectedDesc=0x2c40090, randomAccess=false)
at execSRF.c:235
#10 0x000000000068adbc in FunctionNext (node=node@entry=0x2c3f7c8) at nodeFunctionscan.c:94
#11 0x000000000067aafc in ExecScanFetch (recheckMtd=0x68aae0 , accessMtd=0x68ab00 , node=0x2c3f7c8) at execScan.c:132
#12 ExecScan (node=0x2c3f7c8, accessMtd=0x68ab00 , recheckMtd=0x68aae0 ) at execScan.c:181
#13 0x0000000000670c92 in ExecProcNode (node=0x2c3f7c8) at ../../../src/include/executor/executor.h:273
#14 ExecutePlan (execute_once=, dest=0x2c8ea30, direction=, numberTuples=0, sendTuples=true, operation=CMD_SELECT,
use_parallel_mode=, planstate=0x2c3f7c8, estate=0x2c3f5b0) at execMain.c:1670
#15 standard_ExecutorRun (queryDesc=0x2b60180, direction=, count=0, execute_once=) at execMain.c:365
#16 0x00000000007e180e in PortalRunSelect (portal=portal@entry=0x2bf17c0, forward=forward@entry=true, count=0, count@entry=9223372036854775807, dest=dest@entry=0x2c8ea30)
at pquery.c:924
#17 0x00000000007e2c08 in PortalRun (portal=portal@entry=0x2bf17c0, count=count@entry=9223372036854775807, isTopLevel=isTopLevel@entry=true, run_once=run_once@entry=true,
dest=dest@entry=0x2c8ea30, altdest=altdest@entry=0x2c8ea30, qc=qc@entry=0x7ffc38bf40c0) at pquery.c:768
#18 0x00000000007deade in exec_simple_query (query_string=query_string@entry=0x2b34040 "select * from dynamic_query($$ select '{a}'::varchar[] $$) as t(a varchar[]);")
at postgres.c:1274
#19 0x00000000007df0f8 in PostgresMain (dbname=, username=) at postgres.c:4637
#20 0x000000000075ba45 in BackendRun (port=, port=) at postmaster.c:4464
#21 BackendStartup (port=0x2b5fe30) at postmaster.c:4192
#22 ServerLoop () at postmaster.c:1782
#23 0x000000000075cb18 in PostmasterMain (argc=argc@entry=1, argv=argv@entry=0x2b2ebe0) at postmaster.c:1466
#24 0x00000000004b26a8 in main (argc=1, argv=0x2b2ebe0) at main.c:198
(gdb) f 2
#2 0x00007f327b763a26 in plproxy_free_type (type=0x2c3c6d8) at src/type.c:200
200 pfree(type->name);
(gdb) p *type
$1 = {name = 0xae000000003 <Address 0xae000000003 out of bounds>, type_oid = 46384848, io_param = 0, for_send = 3, has_send = false, has_recv = false, by_value = false,
alignment = 32 ' ', is_array = 11, elem_type_oid = 0, elem_type_t = 0xb6000000033, length = 0, io = {out = {output_func = {fn_addr = 0x0, fn_oid = 0, fn_nargs = 0,
fn_strict = false, fn_retset = false, fn_stats = 0 '\000', fn_extra = 0x0, fn_mcxt = 0x0, fn_expr = 0x0}, send_func = {fn_addr = 0x0, fn_oid = 0, fn_nargs = 0,
fn_strict = false, fn_retset = false, fn_stats = 17 '\021', fn_extra = 0x2c1e2c0, fn_mcxt = 0x0, fn_expr = 0x2c1e3a0}}, in = {input_func = {fn_addr = 0x0, fn_oid = 0,
fn_nargs = 0, fn_strict = false, fn_retset = false, fn_stats = 0 '\000', fn_extra = 0x0, fn_mcxt = 0x0, fn_expr = 0x0}, recv_func = {fn_addr = 0x0, fn_oid = 0,
fn_nargs = 0, fn_strict = false, fn_retset = false, fn_stats = 17 '\021', fn_extra = 0x2c1e2c0, fn_mcxt = 0x0, fn_expr = 0x2c1e3a0}}}}
(gdb) p type->name
$2 = 0xae000000003 <Address 0xae000000003 out of bounds>