release-26.1: sql/unsafesql: fix panic in SafeFormatQuery with nil annotations#166176
Open
angles-n-daemons wants to merge 1 commit intocockroachdb:release-26.1from
Open
release-26.1: sql/unsafesql: fix panic in SafeFormatQuery with nil annotations#166176angles-n-daemons wants to merge 1 commit intocockroachdb:release-26.1from
angles-n-daemons wants to merge 1 commit intocockroachdb:release-26.1from
Conversation
FormatAstAsRedactableString unconditionally set FmtAlwaysQualifyTableNames, which requires annotation lookups to resolve fully qualified table names. When SafeFormatQuery was called with nil annotations (as happens in the unsafesql logging path), the formatter panicked on a nil pointer dereference inside Annotations.Get(). The panic was caught by SafeFormatQuery's recover handler, but this meant the query text was replaced with "<panicked query format>" in log output, losing useful diagnostic information. Now FmtAlwaysQualifyTableNames is only set when annotations are non-nil. Without annotations, table names are printed unqualified (e.g. "namespace" instead of "system.public.namespace"), which is strictly better than a panic placeholder. Resolves: cockroachdb#165998 Epic: CRDB-61709 Release note: None Co-Authored-By: roachdev-claude <roachdev-claude-bot@cockroachlabs.com>
|
Thanks for opening a backport. Before merging, please confirm that the change does not break backwards compatibility and otherwise complies with the backport policy. Include a brief release justification in the PR description explaining why the backport is appropriate. All backports must be reviewed by the TL for the owning area. While the stricter LTS policy does not yet apply, please exercise judgment and consider gating non-critical changes behind a disabled-by-default feature flag when appropriate. |
blathers-crl
bot
added
backport
angles-n-daemons
requested review from
DrewKimball
and removed request for
a team
Member
|
This change is |
rafiss
approved these changes
Mar 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport 1/1 commits from #166057.
/cc @cockroachdb/release
Summary
FormatAstAsRedactableStringunconditionally setFmtAlwaysQualifyTableNames, which requires annotation lookups to resolve fully qualified table names. WhenSafeFormatQuerywas called with nil annotations (as happens in the unsafesql logging path), the formatter panicked on a nil pointer dereference insideAnnotations.Get().SafeFormatQuery's recover handler, replacing the query text with<panicked query format>in log output and losing useful diagnostic information.FmtAlwaysQualifyTableNamesis only set when annotations are non-nil. Without annotations, table names are printed unqualified (e.g.namespaceinstead ofsystem.public.namespace), which is strictly better than a panic placeholder.Resolves: #165998
Epic: CRDB-61709
Release note: None
Release justification: Prevents a panic from occurring during unsafe sql gate formatting.