Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wSbRJ-003HsC-2J
	for pgsql-bugs@arkaria.postgresql.org;
	Thu, 28 May 2026 14:10:25 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wSbRH-00COT1-1H
	for pgsql-bugs@arkaria.postgresql.org;
	Thu, 28 May 2026 14:10:24 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <matheusssilv97@gmail.com>)
	id 1wSbRH-00COSt-0V
	for pgsql-bugs@lists.postgresql.org;
	Thu, 28 May 2026 14:10:24 +0000
Received: from mail-qv1-xf2c.google.com ([2607:f8b0:4864:20::f2c])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <matheusssilv97@gmail.com>)
	id 1wSbRG-00000001AzN-213M
	for pgsql-bugs@lists.postgresql.org;
	Thu, 28 May 2026 14:10:23 +0000
Received: by mail-qv1-xf2c.google.com with SMTP id
 6a1803df08f44-8b8e98fd885so155558266d6.0
        for <pgsql-bugs@lists.postgresql.org>;
 Thu, 28 May 2026 07:10:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1779977421; x=1780582221;
 darn=lists.postgresql.org;
        h=content-transfer-encoding:in-reply-to:content-language:references
         :to:from:subject:user-agent:mime-version:date:message-id:from:to:cc
         :subject:date:message-id:reply-to;
        bh=mtVSKPC6t8Mk9US0hFZV6X2kIpzaoD3uvgMRO/r2xhY=;
        b=kb8nk/0e7cJ0dD2H8znt9m7q+ALAl7nR7l6XXYpiQG5yQLl6avHwUH31uC8MTy64KV
         5mTEdZ+t34FaNgiQ+9GpJxNI+bZTSHYUsH4tf+Hjjk4hXPO21TcgKqdkUpqYJBqmirlk
         2qq6m/IgqcOWPHRmLC2AuwIP99dJzBsSSeICLzbRo1xPK5HJKxiy0dy4vVJ0klzVStBI
         M4LtDSFPUqP2p7A3GTAFfxa54I4Jd5SEvLp2K8nktmuoAQmVeHR9eT0mb35Dld3Drasf
         iFkR1YuIKH+AgMQmmXawyVpkTsLHF4OSvWGV7PR4zX4IavnLXldE4TGT8oWM0Ltutsb+
         34Ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1779977421; x=1780582221;
        h=content-transfer-encoding:in-reply-to:content-language:references
         :to:from:subject:user-agent:mime-version:date:message-id:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=mtVSKPC6t8Mk9US0hFZV6X2kIpzaoD3uvgMRO/r2xhY=;
        b=XWnXOmmPxZHc2ocYXJvCDupVr926JrVgm23d5LoBC/9IamGcHJzMrxRqrY+3noAHnm
         z+BWkPQY6+ZtRHbJlHg9cWG8SAUg3KEYbgZLgMq3oQ8+AxZWK83ZiRMCKnbaPu62llm+
         /eGnYNQfwPVv1ADwvMxERrv55SsqB04r2iF25CO8iuEd/A2E02E6BJE9L3UqTvUC8lzN
         Jb+B9PMd+mU6vaK7uhq1Qx8Sa9PkZN1Pd2rvTm+t4eBF6dYBp237pXAf62JZPGc+ext5
         xorn7Ihpr2w8u+Imo2I70p2s5S+heZDhmv1DrJPamp8m8eMGNgu4wF3MZgAnbCOzoWqJ
         X7sA==
X-Forwarded-Encrypted: i=1;
 AFNElJ9Cghq6HjJ9kKjHHOBKPcpzCOHlLCydKw1Ndi4Y7MCXhaRF93Rt7AfXAHE0ut9tubvY3tPqFh60Tvo3@lists.postgresql.org
X-Gm-Message-State: AOJu0Yz19GWUmWVyTiHja1+wgMiYxDEoXx90/yvQXm/zTN4yVaaOOgDH
	7ruteHqk2yfWXO+8sAv/q10149aOk6/sFLOwtamgNtIFV1L45SGPnJpN
X-Gm-Gg: Acq92OEqhTzVF3Cg0/mklFpMws0Au3/q7IpFP9lYgmLTp3BgYHw0EsKrgpeCMm7EnR6
	sW+FiZeUGZ+OUwFozECQasX5T4ur2cxhnUkzXQc8CfSy6cwvsnxuVymF0gjYJVjyMz+29lhYePA
	HoP3pPv1T7i9GRhM9g5NpcD7PtZ0PaWq5PaFCr8zmOGkZO/ZvY7nk3f/L2euaKs05NJATTywTdo
	BZ/4FTpO6fZFNVj4w4hx+fIfjaGZi/drLxcO2thpSWQfYFQtYZtAwLNbUZK88mmEN/tKQB8/EdB
	BXVJfYX454wgl88aUMgEC2u/7FqyVyXUadOTfnkAaTopF1RaOQXuQ79IdMF0I6QSJfN/34TzZLk
	Yhr4q4peAXNJYgmWLd2K+qfPcvQxLCNVaEjKDYVMJnJK4y6fdLJsGnCyYUMb9xeh/cTrDFtfncU
	Mh5m/CECNYw5MIHvN/cVm5Hc+uExiRKl/LG4N2UvSZ17gr+VacamfMrHHljNtrg6IfHB0suCNDi
	8ZAO+00FtEvvdhXEjI+kgOZy6QNbAil
X-Received: by 2002:a05:6214:d48:b0:8a0:d08c:a720 with SMTP id
 6a1803df08f44-8cc7b53d4bcmr436839656d6.17.1779977421437;
        Thu, 28 May 2026 07:10:21 -0700 (PDT)
Received: from ?IPV6:2804:14d:328a:a59c:1166:2b6a:3001:a372?
 ([2804:14d:328a:a59c:1166:2b6a:3001:a372])
        by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-8ccd76e1f1fsm14943016d6.9.2026.05.28.07.10.20
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 28 May 2026 07:10:21 -0700 (PDT)
Message-ID: <82e1fd5c-4c8f-4166-a4ba-93e01cb7e231@gmail.com>
Date: Thu, 28 May 2026 11:10:18 -0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: BUG #19480: PL/Python SRF crashes (SIGSEGV) when function is
 replaced mid-iteration: use-after-free in PLy_funct
From: Matheus Alcantara <matheusssilv97@gmail.com>
To: adoros@starfishstorage.com, pgsql-bugs@lists.postgresql.org
References: <19480-f1f9fdce30462fc4@postgresql.org>
 <DIS405H05GE0.1OPMN9BEKKMS1@gmail.com>
Content-Language: en-US
In-Reply-To: <DIS405H05GE0.1OPMN9BEKKMS1@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
List-Id: <pgsql-bugs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-bugs@lists.postgresql.org>
List-Owner: <mailto:pgsql-bugs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-bugs>
Archived-At: 
 <https://www.postgresql.org/message-id/82e1fd5c-4c8f-4166-a4ba-93e01cb7e231%40gmail.com>
Precedence: bulk

On 25/05/26 19:26, Matheus Alcantara wrote:
> On Fri May 15, 2026 at 8:11 AM -03, PG Bug reporting form wrote:
>> The root cause is that srfstate->savedargs is tied to proc->mcxt (which can
>> be deleted at any per-call boundary) rather than to
>> funcctx->multi_call_memory_ctx (which lives for the entire SRF lifetime).
>>
>> Option A — allocate savedargs in funcctx->multi_call_memory_ctx:
>> Change PLy_function_save_args to accept a MemoryContext parameter and pass
>> funcctx->multi_call_memory_ctx from PLy_exec_function. The saved PyObject*
>> references are valid regardless of which MemoryContext holds the struct.
>>
>> Option B — detect proc rebuild and discard stale savedargs:
>> After PLy_procedure_get returns a new proc, check whether it differs from
>> the
>> proc that created srfstate->savedargs. If so, discard savedargs
>> (PLy_function_drop_args or simply set to NULL) and skip the restore.
>>
> 
> Hi, thank you for the very detailed bug report. I've managed to
> reproduce the issue on master.
> 
> Option A seems to fix the issue (see attached patch) but I've found
> another issue while playing with this that I think it's related:
> 
> ...
> 
> This is because when PLy_procedure_delete() is executed on
> PLy_procedure_get() it also destroy information related with recursive
> functions, such as "calldepth", "argstack" and "globals" which cause the
> assert failure Assert(proc->calldepth > 0) on PLy_global_args_pop() when
> it's executed on PG_CATCH block on PLy_exec_function() or EXC_BAD_ACCESS
> when accessing "argstack" or "globals".
> 
> Although changing the memory context where savedargs is allocated fix
> the reported issue I think that the long term fix is to preserve such
> necessary execution information during PLyProcedure re-creation. I'm
> still studying the code to see if and how this can implemented.
> 

This is being tricky to debug. I'm not being able to reproduce the 
issue with assert disabled, not even with the steps shared on the bug 
report.

Andrzej could you please confirm if you hit this failure with assert 
enable? And if it's enable, could you please check if it's also 
happens with assert disabled?

Also, the 17.10 version was released some weeks ago, can you also test 
against this new minor release?

--
Matheus Alcantara
EDB: https://www.enterprisedb.com