Date: Thu, 14 May 2026 11:01:55 -0500
From: Nathan Bossart
To: Ayush Tiwari
Cc: pierre.forstmann@gmail.com, pgsql-bugs@lists.postgresql.org
Subject: Re: BUG #19476: Segmentation fault in contrib/spi

On Wed, May 13, 2026 at 12:57:47AM +0530, Ayush Tiwari wrote:
> I have rebased the minimal fix on current master. It is essentially
> the same shape as the snippet you suggested -- emit the NULL keyword
> directly when SPI_getvalue() returns NULL, otherwise pass through
> quote_literal_cstr() as today. Attached as v2-0001.
>
> I dropped my earlier 0002 patch. The CVE fix already addressed the
> quoting/escaping concerns that motivated half of it.

I'm confused why you dropped 0002. Reusing the new key values for
subsequent updates seems like a bug worth fixing. However, note that the
parameter symbol approach doesn't work well for cases like this:

    CREATE EXTENSION refint;
    CREATE TABLE p (a int);
    CREATE TABLE f (a xid);
    CREATE TRIGGER t AFTER DELETE OR UPDATE ON p FOR EACH ROW EXECUTE PROCEDURE check_foreign_key(1, 'c', 'a', 'f', 'a');
    INSERT INTO p VALUES (1);
    UPDATE p SET a = 2;

With a rebased version of 0002 applied, the UPDATE statement fails like
this:

    ERROR: column "a" is of type xid but expression is of type integer
    LINE 1: update f set a = $2 where a = $1
                             ^
    HINT: You will need to rewrite or cast the expression.
    QUERY: update f set a = $2 where a = $1

Presumably the problem is that we're using the wrong argument type for the
foreign key. I'm not sure this is trivial to fix; it seems like we'd need
to provide that information in CREATE TRIGGER or look up the foreign key
type within the trigger function itself. Perhaps the best we can do is to
avoid caching a plan in this case.

Regarding 0001, note that the refint docs state the following:

    Note that the primary/unique key columns should be marked NOT NULL and
    should have a unique index.

So maybe we could alternatively teach check_foreign_key() to either ERROR
or do nothing instead. On the other hand, given this case seemed to
accidentally work before the CVE fix, it's arguably worth fixing.

-- 
nathan
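
Added example (not part of the original message, and not the v2-0001 patch): a stand-alone C illustration of the NULL handling described in the quoted text, where a NULL key value is emitted as the bare NULL keyword instead of being passed to the quoting helper. quote_literal_demo() and append_assignment() are hypothetical stand-ins, not PostgreSQL functions, and the column name is assumed to be trusted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a literal-quoting helper (NOT PostgreSQL's
 * quote_literal_cstr): wraps s in single quotes and doubles embedded quotes.
 * It dereferences s unconditionally, so a NULL argument would crash. */
static char *quote_literal_demo(const char *s)
{
    char *out = malloc(2 * strlen(s) + 3);  /* all chars doubled + quotes + NUL */
    char *p = out;

    if (out == NULL)
        return NULL;
    *p++ = '\'';
    for (; *s; s++) {
        if (*s == '\'')
            *p++ = '\'';
        *p++ = *s;
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Append "col = <value>" to the NUL-terminated query in buf. value == NULL
 * models a SQL NULL column: emit the bare NULL keyword and never hand the
 * pointer to the quoting helper. col is assumed to be a trusted identifier.
 * Returns 0 on success, -1 on truncation or allocation failure. */
int append_assignment(char *buf, size_t bufsz, const char *col, const char *value)
{
    size_t used = strlen(buf);
    char *q = NULL;
    int n;

    if (used >= bufsz || (value != NULL && (q = quote_literal_demo(value)) == NULL))
        return -1;
    n = snprintf(buf + used, bufsz - used, "%s = %s", col, q ? q : "NULL");
    free(q);
    return (n < 0 || (size_t) n >= bufsz - used) ? -1 : 0;
}

int main(void)
{
    char sql[64] = "update f set ";     /* constructed sample query prefix */

    if (append_assignment(sql, sizeof sql, "a", NULL) == 0)
        puts(sql);                      /* NULL key value, no crash */
    return 0;
}
```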