Open harukat opened 1 week ago
I also found the reproduction steps in V1.8.
db1(5432)=# \dx
List of installed extensions
Name | Version | Schema | Description
--------------------+---------+------------+------------------------------------------------------------------------
pg_stat_statements | 1.8 | public | track planning and execution statistics of all SQL statements executed
pg_store_plans | 1.8 | public | track plan statistics of all SQL statements executed
plpgsql | 1.0 | pg_catalog | PL/pgSQL procedural language
(3 rows)
db1(5432)=# SELECT pg_store_plans_reset();
pg_store_plans_reset
----------------------
(1 row)
db1(5432)=# SELECT plan FROM pg_stat_statements s JOIN pg_store_plans p USING (queryid) ORDER BY mean_time DESC LIMIT 10;
plan
------------------------------------------
Result (cost=0.00..0.01 rows=1 width=4)
(1 row)
db1(5432)=# \q
[postgres@host1]$ unlink $PGDATA/pg_stat_tmp/pgsp_plan_texts.stat
[postgres@host1]$ psql db1
psql (13.15)
Type "help" for help.
db1(5432)=# SELECT plan FROM pg_stat_statements s JOIN pg_store_plans p USING (queryid) ORDER BY mean_time DESC LIMIT 10;
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.
The above reproduction steps on the patched version:
db1(5432)=# SELECT pg_store_plans_reset();
pg_store_plans_reset
----------------------
(1 row)
db1(5432)=# SELECT plan FROM pg_stat_statements s JOIN pg_store_plans p USING (queryid) ORDER BY mean_time DESC LIMIT 10;
plan
------------------------------------------
Result (cost=0.00..0.01 rows=1 width=4)
(1 row)
db1(5432)=# \q
[postgres@host1]$ unlink $PGDATA/pg_stat_tmp/pgsp_plan_texts.stat
[postgres@host1]$ psql db1
psql (13.15)
Type "help" for help.
db1(5432)=# SELECT plan FROM pg_stat_statements s JOIN pg_store_plans p USING (queryid) ORDER BY mean_time DESC LIMIT 10;
plan
----------------
<invalid plan>
<invalid plan>
(2 rows)
A SEGV occurred in the pg_store_plans code during operation. The pg_store_plans module used was built from source from the latest code in the repository at this time, but the EXTENSION has not been updated from version 1.5.
A stack trace of the core dump is shown below.
In the pg_store_plans_internal() function, the value of char *pstr was obtained, which could be NULL, but the value was passed to the pgsp_json_textize() and init_json_lex_context() functions without a NULL check, and finally strlen(0) was executed, causing the crash.
It is considered better to add a NULL check somewhere (with a warning log message if necessary) and simply abort processing of that data.
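The pattern described in the report, shown as an added example rather than code from pg_store_plans: a lexer-context initialiser that calls strlen() on its input (the stand-in for init_json_lex_context()), a minimal textizer that uses it, and a guarded entry point that checks the plan text for NULL first, logs a warning, and returns the "<invalid plan>" placeholder that the patched session above prints instead of dereferencing the null pointer. The struct, the function names (init_lex_context, textize_plan, plan_text_or_placeholder), the whitespace-collapsing rendering and the sample JSON plan are all constructed for this example and are not the project's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the JSON lexer context. The real
 * init_json_lex_context() is assumed to do the equivalent of strlen(input). */
typedef struct {
    const char *input;
    size_t      input_length;
    size_t      pos;
} lex_context;

static void init_lex_context(lex_context *lex, const char *input)
{
    /* This strlen() is the dereference that crashes when input is NULL and
     * the caller did not check it first. */
    lex->input = input;
    lex->input_length = strlen(input);
    lex->pos = 0;
}

/* Constructed minimal "textize": render the stored plan text on one line by
 * collapsing runs of whitespace. Returns a malloc'd string (caller frees). */
static char *textize_plan(const char *json_plan)
{
    lex_context lex;
    char *out;
    size_t o = 0;
    int in_ws = 0;

    init_lex_context(&lex, json_plan);
    out = malloc(lex.input_length + 1);
    if (out == NULL)
        return NULL;

    for (lex.pos = 0; lex.pos < lex.input_length; lex.pos++) {
        char c = lex.input[lex.pos];
        if (c == ' ' || c == '\n' || c == '\t' || c == '\r') {
            if (!in_ws && o > 0)
                out[o++] = ' ';   /* one space per whitespace run */
            in_ws = 1;
        } else {
            out[o++] = c;
            in_ws = 0;
        }
    }
    while (o > 0 && out[o - 1] == ' ')
        o--;                      /* drop trailing space */
    out[o] = '\0';
    return out;
}

#define INVALID_PLAN_TEXT "<invalid plan>"

/* Guarded entry point: the NULL check the report asks for. A missing plan
 * text (e.g. the plan text file was removed) yields a placeholder and a
 * warning instead of a SEGV inside the lexer. Returns a malloc'd string. */
char *plan_text_or_placeholder(const char *pstr)
{
    if (pstr == NULL) {
        fprintf(stderr, "WARNING: plan text missing, returning placeholder\n");
        char *ph = malloc(sizeof(INVALID_PLAN_TEXT));
        if (ph != NULL)
            memcpy(ph, INVALID_PLAN_TEXT, sizeof(INVALID_PLAN_TEXT));
        return ph;
    }
    return textize_plan(pstr);
}

int main(void)
{
    /* Constructed sample plan text, in the shape of an EXPLAIN (FORMAT JSON) node. */
    const char *sample = "{\n  \"Node Type\": \"Result\",\n  \"Plan Rows\": 1\n}";
    char *ok = plan_text_or_placeholder(sample);
    char *missing = plan_text_or_placeholder(NULL);  /* simulates the unlinked stat file */

    printf("%s\n%s\n", ok, missing);
    free(ok);
    free(missing);
    return 0;
}
```

The guard sits at the boundary where pstr is first obtained, so every downstream consumer (textizer, lexer) can keep assuming a non-NULL input; checking once at the entry point is simpler to audit than adding checks inside each helper.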