Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wVZx4-0023m6-04 for pgsql-bugs@arkaria.postgresql.org; Fri, 05 Jun 2026 19:11:30 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wVZx2-00E0BL-2b for pgsql-bugs@arkaria.postgresql.org; Fri, 05 Jun 2026 19:11:28 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wVZx2-00E0An-1L; Fri, 05 Jun 2026 19:11:28 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wVZx0-00000001HiG-3HHS; Fri, 05 Jun 2026 19:11:27 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.18.1/8.18.1) with ESMTP id 655JBPiu3770959; Fri, 5 Jun 2026 15:11:25 -0400 From: Tom Lane To: "Matheus Alcantara" cc: adoros@starfishstorage.com, pgsql-bugs@lists.postgresql.org, rmt@lists.postgresql.org Subject: Re: BUG #19480: PL/Python SRF crashes (SIGSEGV) when function is replaced mid-iteration: use-after-free in PLy_funct In-reply-to: References: <19480-f1f9fdce30462fc4@postgresql.org> <982975.1779981146@sss.pgh.pa.us> <2868592.1780356411@sss.pgh.pa.us> Comments: In-reply-to "Matheus Alcantara" message dated "Fri, 05 Jun 2026 15:09:26 -0300" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <3770957.1780686685.1@sss.pgh.pa.us> Date: Fri, 05 Jun 2026 15:11:25 -0400 Message-ID: <3770958.1780686685@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk "Matheus Alcantara" writes: > On Mon Jun 1, 2026 at 8:26 PM -03, Tom Lane wrote: >> Actually ... if memory serves, SQL-language functions use ValuePerCall >> mode, so there probably already is a solution to this embedded in >> functions.c. Did you look at that? > I dind't look at this before but this was exactly the right call. SQL > functions handle this by maintaining a per-call-site cache struct > (SQLFunctionCache) in fn_extra that holds both the pointer to the > long-lived hash entry and the execution state. The use_count is > incremented when we first obtain the function and decremented via a > MemoryContextCallback when fn_mcxt is deleted. > I've adapted the same approach for PL/Python. I've not read this patch yet but your high-level description seems on-target. Assuming the patch withstands review, there are three ways we could proceed: 1. Hold it for v20. 2. Sneak it into v19. 3. Treat it as a back-patchable fix and put it into v18 as well. (Going further back than v18 seems unreasonable because funccache.c doesn't exist before that, so we'd have to back-patch it too.) I do not think that #3 is really a great idea, mainly because the failure case doesn't seem very likely to be hit in production, and the lack of previous reports about this very ancient bug bears that out. I do find some attraction in #2, mainly because it would get the fix into the field a year earlier than #1. But considering we're past beta1 it may be too late for #2 to be reasonable either. Looping in the RMT to see what they think... regards, tom lane