Hi,

On Fri, Apr 10, 2026 at 1:03 PM Jeff Davis <[email protected]> wrote:
> On Sun, 2026-04-05 at 11:06 -0400, Andrew Dunstan wrote:
> > Pushed. I have moved the remaining get_*_ddl items to PG20-1
>
> The line:
>
> role_settings = DatumGetArrayTypeP(datum);
>
> should be DatumGetArrayTypePCopy(), because it's being pfree()d later.
> The existing code will sometimes make a copy and sometimes not, e.g.:
>
> -- settings are contrived to make the datum inline
> CREATE USER u1;
> ALTER ROLE u1 SET search_path = 'public, pg_catalog, pg_temp';
> ALTER ROLE u1 SET work_mem='64MB';
> ALTER ROLE u1 SET statement_timeout='30s';
> ALTER ROLE u1 SET lock_timeout='10s';
> ALTER ROLE u1 SET idle_in_transaction_session_timeout = '60s';
> SELECT pg_get_role_ddl('u1');
> ERROR: pfree called with invalid pointer 0x7986dd0c7cc8 (header
> 0x0000400600000000)
>
Yes, it appears to be a bug. Attached a patch to fix this. Tested with the
attached patch and don't see the server crashing after that.

postgres=# CREATE DATABASE crashtest TEMPLATE template0 LC_COLLATE 'C'
LC_CTYPE 'C';
ALTER DATABASE crashtest SET search_path = 'public, pg_catalog';
ALTER DATABASE crashtest SET work_mem = '64MB';
ALTER DATABASE crashtest SET statement_timeout = '30s';
ALTER DATABASE crashtest SET random_page_cost = 1.5;
SELECT pg_get_database_ddl('crashtest');
CREATE DATABASE
ALTER DATABASE
ALTER DATABASE
ALTER DATABASE
ALTER DATABASE
pg_get_database_ddl
------------------------------------------------------------------------------------------------------------
CREATE DATABASE crashtest WITH TEMPLATE = template0 ENCODING = 'UTF8'
LOCALE_PROVIDER = libc LOCALE = 'C';
ALTER DATABASE crashtest OWNER TO azureuser;
ALTER DATABASE crashtest SET search_path TO 'public, pg_catalog';
ALTER DATABASE crashtest SET work_mem TO '64MB';
ALTER DATABASE crashtest SET statement_timeout TO '30s';
ALTER DATABASE crashtest SET random_page_cost TO '1.5';
(6 rows)
Thanks,
Satya
v1-0001-ddlutils-pfree-crash.patch
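
The ownership rule discussed in this thread, as an added example that is not part of the original messages or of the PostgreSQL source: a self-contained C model in which `get_array()` and `get_array_copy()` are hypothetical stand-ins for `DatumGetArrayTypeP()` and `DatumGetArrayTypePCopy()`, and `malloc`/`free` stand in for `palloc`/`pfree`. It shows why a caller that releases its result is only correct with the always-copy variant.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a varlena array stored in a catalog tuple. */
typedef struct {
    bool needs_expansion;   /* models a compressed or out-of-line datum */
    char settings[96];
} StoredArray;

/* Always returns freshly allocated memory that the caller owns
 * (models the DatumGetArrayTypePCopy() contract). */
static StoredArray *get_array_copy(const StoredArray *src)
{
    StoredArray *dst = malloc(sizeof(*dst));
    if (dst == NULL) abort();
    memcpy(dst, src, sizeof(*dst));
    return dst;
}

/* Returns the stored pointer itself when the datum is already inline,
 * and a new allocation otherwise (models DatumGetArrayTypeP()). */
static StoredArray *get_array(StoredArray *src)
{
    return src->needs_expansion ? get_array_copy(src) : src;
}

/* Caller that releases its result: 0 if the release was valid, -1 if it
 * would free tuple-owned memory (the real code has no such guard). */
static int read_and_release(StoredArray *tuple_field, bool use_copy)
{
    StoredArray *arr = use_copy ? get_array_copy(tuple_field)
                                : get_array(tuple_field);
    if (arr == tuple_field)
        return -1;          /* borrowed pointer: must not be freed */
    free(arr);
    return 0;
}

int main(void)
{
    StoredArray inline_d = { false, "work_mem=64MB" };   /* constructed */
    StoredArray packed_d = { true,  "work_mem=64MB" };   /* constructed */
    printf("P, inline:     %d\n", read_and_release(&inline_d, false));
    printf("P, expanded:   %d\n", read_and_release(&packed_d, false));
    printf("PCopy, inline: %d\n", read_and_release(&inline_d, true));
    return 0;
}
```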
