Avoid crash in estimate_array_length with null root pointer.

Commit 9391f71 added a "PlannerInfo *root" parameter to
estimate_array_length, but failed to consider the possibility that
NULL would be passed for that, leading to a null pointer dereference.

We could rectify the particular case shown in the bug report by fixing
simplify_function/inline_function to pass through the root pointer.
However, as long as eval_const_expressions is documented to accept
NULL for root, similar hazards would remain.  For now, let's just do
the narrow fix of hardening estimate_array_length to not crash.
Its behavior with NULL root will be the same as it was before
9391f71, so this is not too awful.

Per report from Fredrik Widlert (via Paul Ramsey).  Back-patch to v17
where 9391f71 came in.

Discussion: https://postgr.es/m/518339E7-173E-45EC-A0FF-9A4A62AA4F40@cleverelephant.ca

Author: tglsfdc

src/backend/optimizer/path/costsize.c

@@ -4724,6 +4724,9 @@ cost_rescan(PlannerInfo *root, Path *path,
  *		preferred since it allows caching of the results.)
  *		The result includes both a one-time (startup) component,
  *		and a per-evaluation component.
+ *
+ * Note: in some code paths root can be passed as NULL, resulting in
+ * slightly worse estimates.
  */
 void
 cost_qual_eval(QualCost *cost, List *quals, PlannerInfo *root)

src/backend/utils/adt/selfuncs.c

@@ -2131,6 +2131,9 @@ scalararraysel(PlannerInfo *root,
  *
  * Note: the result is integral, but we use "double" to avoid overflow
  * concerns.  Most callers will use it in double-type expressions anyway.
+ *
+ * Note: in some code paths root can be passed as NULL, resulting in
+ * slightly worse estimates.
  */
 double
 estimate_array_length(PlannerInfo *root, Node *arrayexpr)
@@ -2154,7 +2157,7 @@ estimate_array_length(PlannerInfo *root, Node *arrayexpr)
 	{
 		return list_length(((ArrayExpr *) arrayexpr)->elements);
 	}
-	else if (arrayexpr)
+	else if (arrayexpr && root)
 	{
 		/* See if we can find any statistics about it */
 		VariableStatData vardata;