Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wZyFg-001RPT-3D for pgsql-bugs@arkaria.postgresql.org; Wed, 17 Jun 2026 21:56:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wZyFd-007iEk-2O for pgsql-bugs@arkaria.postgresql.org; Wed, 17 Jun 2026 21:56:49 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wZyFd-007iEa-1Z for pgsql-bugs@lists.postgresql.org; Wed, 17 Jun 2026 21:56:49 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wZyFX-00000000rpO-03JS for pgsql-bugs@lists.postgresql.org; Wed, 17 Jun 2026 21:56:43 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.18.1/8.18.1) with ESMTP id 65HLudKD1149448; Wed, 17 Jun 2026 17:56:40 -0400 From: Tom Lane To: "Matheus Alcantara" cc: adoros@starfishstorage.com, pgsql-bugs@lists.postgresql.org Subject: Re: BUG #19480: PL/Python SRF crashes (SIGSEGV) when function is replaced mid-iteration: use-after-free in PLy_funct In-reply-to: References: <19480-f1f9fdce30462fc4@postgresql.org> <982975.1779981146@sss.pgh.pa.us> <2868592.1780356411@sss.pgh.pa.us> Comments: In-reply-to "Matheus Alcantara" message dated "Fri, 05 Jun 2026 15:09:26 -0300" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1149446.1781733399.1@sss.pgh.pa.us> Date: Wed, 17 Jun 2026 17:56:39 -0400 Message-ID: <1149447.1781733399@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk "Matheus Alcantara" writes: > Patch attached. I had been planning to wait for v20 development to open, but with RMT approval the target is now v19 instead, so I'd like to get this done before the end of June. I looked through the patch and found a couple of issues immediately: * Your refactoring to have just one PLy_procedure_get call in plpython3_call_handler is no good. You missed the comment block just above: /* * Push execution context onto stack. It is important that this get * popped again, so avoid putting anything that could throw error between * here and the PG_TRY. */ exec_ctx = PLy_push_execution_context(!nonatomic); + proc = PLy_procedure_get(fcinfo, false); + PG_TRY(); { I counsel putting those PLy_procedure_get calls back where they were. * I also question the decision to refactor where/how is_trigger is computed; that doesn't seem necessary to the purposes of the patch, nor is it a clear improvement. I'd just as soon leave that mechanism alone as much as we can. If there is an improvement to be had, let's address that separately. (Alternative thought: should we rely on the isTrigger/isEventTrigger bools that funccache.c sets up for us? I'm not quite sure if getting friendly with struct CachedFunctionHashKey is a good idea or not.) * I find it confusing that you called "PLyProcedureCache *" variables "pcache" in some places and "proc" in others. The latter choice seems poor because mostly "proc" is a PLyProcedure pointer. Using "proc" leads to constructions like "proc->proc", which I don't find intelligible. * The new code could do with more comments. I realize that plpython is poorly commented in many places, but let's see if we can leave it better than we found it. regards, tom lane