Discussion: BUG #17583: Server crashes on executing CROSS JOIN with very big number of tables

BUG #17583: Server crashes on executing CROSS JOIN with very big number of tables

From
PG Bug reporting form
Date:
The following bug has been logged on the website:

Bug reference:      17583
Logged by:          Egor Chindyaskin
Email address:      kyzevan23@mail.ru
PostgreSQL version: 14.5
Operating system:   Ubuntu 22.04
Description:

I got server crashed while executing the following query: 
(echo "SELECT * FROM t1 ";for((i=2;i<100000;i++));do echo "CROSS JOIN t$i
";done; echo ";") | psql
with the following backtrace below: 
Core was generated by `postgres: egorchin egorchin [local] SELECT
            '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055f3a3bcbf7f in transformFromClauseItem
(pstate=pstate@entry=0x7fe1c7085a08, n=0x7fe1c78f9a38,
top_nsitem=top_nsitem@entry=0x7ffe400960d8,
namespace=namespace@entry=0x7ffe400960e8) at parse_clause.c:1056
1056    parse_clause.c: No such file or directory.
(gdb) bt
#0  0x000055f3a3bcbf7f in transformFromClauseItem
(pstate=pstate@entry=0x7fe1c7085a08, n=0x7fe1c78f9a38,
top_nsitem=top_nsitem@entry=0x7ffe400960d8,
namespace=namespace@entry=0x7ffe400960e8) at parse_clause.c:1056
#1  0x000055f3a3bcc014 in transformFromClauseItem
(pstate=pstate@entry=0x7fe1c7085a08, n=0x7fe1c78f9b48,
top_nsitem=top_nsitem@entry=0x7ffe400961f8,
namespace=namespace@entry=0x7ffe40096208) at parse_clause.c:1169
#2  0x000055f3a3bcc014 in transformFromClauseItem
(pstate=pstate@entry=0x7fe1c7085a08, n=0x7fe1c78f9c58,
top_nsitem=top_nsitem@entry=0x7ffe40096318,
namespace=namespace@entry=0x7ffe40096328) at parse_clause.c:1169
#3  0x000055f3a3bcc014 in transformFromClauseItem
(pstate=pstate@entry=0x7fe1c7085a08, n=0x7fe1c78f9d68,
top_nsitem=top_nsitem@entry=0x7ffe40096438,
namespace=namespace@entry=0x7ffe40096448) at parse_clause.c:1169
...
#29106 0x000055f3a3bcc014 in transformFromClauseItem
(pstate=pstate@entry=0x7fe1c7085a08, n=0x7fe1c7085780,
top_nsitem=top_nsitem@entry=0x7ffe40894888,
namespace=namespace@entry=0x7ffe40894890) at parse_clause.c:1169
#29107 0x000055f3a3bcce6b in transformFromClause
(pstate=pstate@entry=0x7fe1c7085a08, frmList=0x7fe1c7085818) at
parse_clause.c:132
#29108 0x000055f3a3bac6af in transformSelectStmt (pstate=0x7fe1c7085a08,
stmt=stmt@entry=0x7fe1c7085898) at analyze.c:1270
#29109 0x000055f3a3bad181 in transformStmt
(pstate=pstate@entry=0x7fe1c7085a08,
parseTree=parseTree@entry=0x7fe1c7085898) at analyze.c:323
#29110 0x000055f3a3bae442 in transformOptionalSelectInto
(pstate=pstate@entry=0x7fe1c7085a08, parseTree=0x7fe1c7085898) at
analyze.c:268
#29111 0x000055f3a3bae477 in transformTopLevelStmt
(pstate=pstate@entry=0x7fe1c7085a08,
parseTree=parseTree@entry=0x7fe1c8695ff0) at analyze.c:218
#29112 0x000055f3a3bae4df in parse_analyze
(parseTree=parseTree@entry=0x7fe1c8695ff0,
sourceText=sourceText@entry=0x7fe1c904b050 "SELECT * FROM t1 \nCROSS JOIN t2
\nCROSS JOIN t3 \nCROSS JOIN t4 \nCROSS JOIN t5 \nCROSS JOIN t6 \nCROSS JOIN
t7 \nCROSS JOIN t8 \nCROSS JOIN t9 \nCROSS JOIN t10 \nCROSS JOIN t11 \nCROSS
JOIN t12 \nCROSS JOIN t13"..., paramTypes=paramTypes@entry=0x0,
numParams=numParams@entry=0, queryEnv=queryEnv@entry=0x0) at analyze.c:127
#29113 0x000055f3a3e5a6e8 in pg_analyze_and_rewrite
(parsetree=parsetree@entry=0x7fe1c8695ff0,
query_string=query_string@entry=0x7fe1c904b050 "SELECT * FROM t1 \nCROSS
JOIN t2 \nCROSS JOIN t3 \nCROSS JOIN t4 \nCROSS JOIN t5 \nCROSS JOIN t6
\nCROSS JOIN t7 \nCROSS JOIN t8 \nCROSS JOIN t9 \nCROSS JOIN t10 \nCROSS
JOIN t11 \nCROSS JOIN t12 \nCROSS JOIN t13"...,
paramTypes=paramTypes@entry=0x0, numParams=numParams@entry=0,
queryEnv=queryEnv@entry=0x0) at postgres.c:656
#29114 0x000055f3a3e5ae21 in exec_simple_query
(query_string=query_string@entry=0x7fe1c904b050 "SELECT * FROM t1 \nCROSS
JOIN t2 \nCROSS JOIN t3 \nCROSS JOIN t4 \nCROSS JOIN t5 \nCROSS JOIN t6
\nCROSS JOIN t7 \nCROSS JOIN t8 \nCROSS JOIN t9 \nCROSS JOIN t10 \nCROSS
JOIN t11 \nCROSS JOIN t12 \nCROSS JOIN t13"...) at postgres.c:1129
#29115 0x000055f3a3e5ceee in PostgresMain (argc=argc@entry=1,
argv=argv@entry=0x7ffe40894be0, dbname=<optimized out>, username=<optimized
out>) at postgres.c:4496
#29116 0x000055f3a3db7291 in BackendRun (port=port@entry=0x55f3a5be7250) at
postmaster.c:4530
#29117 0x000055f3a3dba544 in BackendStartup (port=port@entry=0x55f3a5be7250)
at postmaster.c:4252
#29118 0x000055f3a3dba77d in ServerLoop () at postmaster.c:1745
#29119 0x000055f3a3dbbcc4 in PostmasterMain (argc=argc@entry=3,
argv=argv@entry=0x55f3a5bbe3d0) at postmaster.c:1417
#29120 0x000055f3a3cfc156 in main (argc=3, argv=0x55f3a5bbe3d0) at
main.c:209


Re: BUG #17583: Server crashes on executing CROSS JOIN with very big number of tables

From
Richard Guo
Date:

On Fri, Aug 12, 2022 at 4:11 PM PG Bug reporting form <noreply@postgresql.org> wrote:
> I got server crashed while executing the following query:
> (echo "SELECT * FROM t1 ";for((i=2;i<100000;i++));do echo "CROSS JOIN t$i
> ";done; echo ";") | psql
> with the following backtrace below:
> Core was generated by `postgres: egorchin egorchin [local] SELECT

Function transformFromClauseItem() is driven to stack overflow. We need
to add some check_stack_depth() checks here and maybe other more places.

Thanks
Richard

Re: BUG #17583: Server crashes on executing CROSS JOIN with very big number of tables

From
Richard Guo
Date:

On Fri, Aug 12, 2022 at 5:03 PM Richard Guo <guofenglinux@gmail.com> wrote:
> On Fri, Aug 12, 2022 at 4:11 PM PG Bug reporting form <noreply@postgresql.org> wrote:
>> I got server crashed while executing the following query:
>> (echo "SELECT * FROM t1 ";for((i=2;i<100000;i++));do echo "CROSS JOIN t$i
>> ";done; echo ";") | psql
>> with the following backtrace below:
>> Core was generated by `postgres: egorchin egorchin [local] SELECT
>
> Function transformFromClauseItem() is driven to stack overflow. We need
> to add some check_stack_depth() checks here and maybe other more places.

Attach a patch to add the check for transformFromClauseItem.

Thanks
Richard
Attachments

Re: BUG #17583: Server crashes on executing CROSS JOIN with very big number of tables

From
Tom Lane
Date:
Richard Guo <guofenglinux@gmail.com> writes:
> On Fri, Aug 12, 2022 at 5:03 PM Richard Guo <guofenglinux@gmail.com> wrote:
>> Function transformFromClauseItem() is driven to stack overflow. We need
>> to add some check_stack_depth() checks here and maybe other more places.

> Attach a patch to add the check for transformFromClauseItem.

Pushed.  It's possible there are some other places, but I think most
of the parser doesn't need it because it'll call transformExpr which
already checks.

            regards, tom lane
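
Added example, not part of the thread and not PostgreSQL source: a simplified stand-alone model of the failure and the fix discussed above, where a recursive walk over a left-deep join chain checks how far the stack has grown before descending and refuses the input instead of crashing. The names Node, depth_exceeded, walk and analyze_chain and the 256 KB budget are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed model of a left-deep join tree ((t1 x t2) x t3) x ...;
 * larg is the left input and is NULL for the first base table. */
typedef struct Node { struct Node *larg; } Node;

static uintptr_t stack_base;                     /* recorded once at entry */
static const long max_stack_bytes = 256 * 1024;  /* assumed demo budget */

/* Nonzero when the current frame is further from the base than the budget. */
static int depth_exceeded(void)
{
    char here;
    long depth = (long) (stack_base - (uintptr_t) &here);
    if (depth < 0)
        depth = -depth;     /* the stack may grow in either direction */
    return depth > max_stack_bytes;
}

/* One frame per join level, like the recursion in the backtrace.
 * Returns 0 and stores the relation count, or -1 if the guard refuses. */
static int walk(const Node *n, long *nrels)
{
    long left = 0;          /* per-frame state handed to the child call */
    if (depth_exceeded())
        return -1;          /* reject this input; the process survives */
    if (n->larg != NULL && walk(n->larg, &left) != 0)
        return -1;
    *nrels = left + 1;
    return 0;
}

/* Builds a chain of nrels relations and walks it; -1 means "refused". */
long analyze_chain(long nrels)
{
    char base;
    long i, result = 0;
    Node *nodes = nrels > 0 ? calloc((size_t) nrels, sizeof(Node)) : NULL;
    if (nodes == NULL)
        return -2;
    for (i = 1; i < nrels; i++)
        nodes[i].larg = &nodes[i - 1];
    stack_base = (uintptr_t) &base;
    if (walk(&nodes[nrels - 1], &result) != 0)
        result = -1;
    free(nodes);
    return result;
}
```

Calling analyze_chain(99999), the number of relations the reported query generates, returns -1 rather than running the stack out; a small chain such as analyze_chain(100) returns its relation count.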