Fix crasher bug in array_position(s)

array_position and its cousin array_positions were caching the element
type equality function's FmgrInfo without being careful enough to put it
in a long-lived context.  This is obviously broken but it didn't matter
in most cases; only when using arrays of records (involving record_eq)
it becomes a problem.  The fix is to ensure that the type's equality
function's FmgrInfo is cached in the array_position's flinfo->fn_mcxt
rather than the current memory context.

Apart from record types, the only other case that seems complex enough
to possibly cause the same problem are range types.  I didn't find a way
to reproduce the problem with those, so I only include the test case
submitted with the bug report as regression test.

Bug report and patch: Junseok Yang
Discussion: https://postgr.es/m/CAE+byMupUURYiZ6bKYgMZb9pgV1CYAijJGqWj-90W=nS7uEOeA@mail.gmail.com
Backpatch to 9.5, where array_position appeared.

diff --git a/src/backend/utils/adt/array_userfuncs.c b/src/backend/utils/adt/array_userfuncs.c
index 58a176fe81c7661f8ce9a1f9ad7de34d9293aedb..f20891a7ddf2c3da41eea715e4319718a4f3afba 100644 (file)
--- a/src/backend/utils/adt/array_userfuncs.c
+++ b/src/backend/utils/adt/array_userfuncs.c
@@ -795,7 +795,8 @@ array_position_common(FunctionCallInfo fcinfo)
                       format_type_be(element_type))));
 
        my_extra->element_type = element_type;
-       fmgr_info(typentry->eq_opr_finfo.fn_oid, &my_extra->proc);
+       fmgr_info_cxt(typentry->eq_opr_finfo.fn_oid, &my_extra->proc,
+                     fcinfo->flinfo->fn_mcxt);
    }
 
    /* Examine each array element until we find a match. */
@@ -933,7 +934,8 @@ array_positions(PG_FUNCTION_ARGS)
                       format_type_be(element_type))));
 
        my_extra->element_type = element_type;
-       fmgr_info(typentry->eq_opr_finfo.fn_oid, &my_extra->proc);
+       fmgr_info_cxt(typentry->eq_opr_finfo.fn_oid, &my_extra->proc,
+                     fcinfo->flinfo->fn_mcxt);
    }
 
    /*

diff --git a/src/test/regress/expected/arrays.out b/src/test/regress/expected/arrays.out
index 73fb5a248b47cf181422158c8c6a3bca351c72ca..702a2383d7dafda1d6d75a63106824332f1a7d7c 100644 (file)
--- a/src/test/regress/expected/arrays.out
+++ b/src/test/regress/expected/arrays.out
@@ -478,6 +478,20 @@ SELECT array_positions('[2:4]={1,2,3}'::int[], 1);
  {2}
 (1 row)
 
+SELECT
+    array_position(ids, (1, 1)),
+    array_positions(ids, (1, 1))
+        FROM
+(VALUES
+    (ARRAY[(0, 0), (1, 1)]),
+    (ARRAY[(1, 1)])
+) AS f (ids);
+ array_position | array_positions 
+----------------+-----------------
+              2 | {2}
+              1 | {1}
+(2 rows)
+
 -- operators
 SELECT a FROM arrtest WHERE b = ARRAY[[[113,142],[1,147]]];
        a       

diff --git a/src/test/regress/sql/arrays.sql b/src/test/regress/sql/arrays.sql
index b1dd65144050b97a1a2d81b667a38ca112d5c192..76787054861cb88804cb575519ac23425eb7b7f4 100644 (file)
--- a/src/test/regress/sql/arrays.sql
+++ b/src/test/regress/sql/arrays.sql
@@ -221,6 +221,15 @@ $$ LANGUAGE plpgsql;
 SELECT array_position('[2:4]={1,2,3}'::int[], 1);
 SELECT array_positions('[2:4]={1,2,3}'::int[], 1);
 
+SELECT
+    array_position(ids, (1, 1)),
+    array_positions(ids, (1, 1))
+        FROM
+(VALUES
+    (ARRAY[(0, 0), (1, 1)]),
+    (ARRAY[(1, 1)])
+) AS f (ids);
+
 -- operators
 SELECT a FROM arrtest WHERE b = ARRAY[[[113,142],[1,147]]];
 SELECT NOT ARRAY[1.1,1.2,1.3] = ARRAY[1.1,1.2,1.3] AS "FALSE";