Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wVaKE-00240Z-2t
	for pgsql-bugs@arkaria.postgresql.org;
	Fri, 05 Jun 2026 19:35:26 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wVaKD-00EFYB-2l
	for pgsql-bugs@arkaria.postgresql.org;
	Fri, 05 Jun 2026 19:35:25 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <matheusssilv97@gmail.com>)
	id 1wVaKD-00EFY2-1w
	for pgsql-bugs@lists.postgresql.org;
	Fri, 05 Jun 2026 19:35:25 +0000
Received: from mail-qk1-x735.google.com ([2607:f8b0:4864:20::735])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <matheusssilv97@gmail.com>)
	id 1wVaKB-00000001HwA-0hKF
	for pgsql-bugs@lists.postgresql.org;
	Fri, 05 Jun 2026 19:35:24 +0000
Received: by mail-qk1-x735.google.com with SMTP id
 af79cd13be357-91563382bcfso268075985a.0
        for <pgsql-bugs@lists.postgresql.org>;
 Fri, 05 Jun 2026 12:35:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1780688122; x=1781292922;
 darn=lists.postgresql.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=R0NyRFbiGV4tWeyRBN76jpL5c4icsZOacyEGAvHd6RQ=;
        b=sobVfhgqUPoJPcmiTx8klyJckwCl5M1hzEWqSQA7yNZrcE2vr2rrFC0LJUL4EgOa0B
         PKR1SHhBrGhKpyywTUlt9JC0XgUVwi7w7XXNjyhmuULKjpZCEq3B/PGfs8C2uLth3Cy1
         7E7NdU/0buTEJ9D0urQceku7ZxaVyen9NVCaS/Hff/vJ4Gmc71hWedG//BAtLAJG2cQl
         XV7z6w8JeEJWqxHi4RQ7rct/pnXoZhiWVe8ZFZqTksKipYg+XmjDmIY2urnHnFmxusiE
         RyVwBATvw6xZO4l8j0OjWgMEOzctk60HCW62QGn5xCyiBYwI3R0modWoK7mHTHQawERK
         0O1Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1780688122; x=1781292922;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=R0NyRFbiGV4tWeyRBN76jpL5c4icsZOacyEGAvHd6RQ=;
        b=g6yrmqo1k2GQ0MVNb78hda+R+U+kp7KOFCb+z9W+/FrsVk939I63NzbITrfi9pw9IZ
         0HY4ANv7w+6zW0OL4YwAD5UrqQUaCVBFmEC1ls4XxnF8Fl0o9fMX/fnmbAvg3KaXMDKe
         6nbI6FiicfsFrydYa9Y/6bJkx8r6RcvBQlyVctSgwgb62EvLIOglnz91KnIFaIGflt5t
         Lw/cCqHqtSWCDaXyEujwebw3y3SiAXsr4yKsZbh6VMQHdw6XuCpuLP/m4ZzsONX4CYvr
         eT4xm50EJRroYLrd1UCpC/TZ7o/JLIqdIK7fGSP3P1YzL/R/Jw1W+9v0rGv/zQza+NMh
         GimA==
X-Forwarded-Encrypted: i=1;
 AFNElJ/6zjsPvqyMDvKxv+736bMbrR6kffq80vVNWj4KaU6LqLzscn9zjHlYMNczsRSswgz3pluU/fQAfTPz@lists.postgresql.org
X-Gm-Message-State: AOJu0YxnQBX1hxEtUN58v0I8T/sVqqwfqvd6le406QxQIpZ2i2BDxua3
	CCXRh/JAQXMVu9dCGxJjAQqHA5oPDuHc8OM+2/xn/3FV7caHoRrF7Kgc
X-Gm-Gg: Acq92OHolP6orB7uHvyOrKUVktA0D73YYtr3k8sY84VG0tNnS0ypyqbIUIfSBTTfYQE
	IuXemtBwa4/7/kUMrEr27QdT/x7scGrv39H92uyAP10SfkRdVpt5df57jDky4JO5EXzNNtB+Bjz
	WUtZv3Rmuqh0KgIXLDiP8Ab5x9/I/f1oeiZqM385C/MIfCZzF1Jh9e+/8906asPDBiNyUbmLzru
	OHsEJy22SExWRG0QOTcWCZpzjqUk+THuMiG1VFuS2gR8+gclC6Z+TkLMmpRxB0THyPK28RNQxeL
	/Lhi/81ABQvPuOi1n0SOM7W/P+TuKp/IUniO04M445p7g7JJww+QEgMDfuT8H/7hO8+uVySz+so
	AXA0PBv5ktfOPw1Dnf/bX6rORnbFnZeLOyCP7rnhsvZFdgVaGy59YXM/UfQksIi3ebJr82Vxun6
	mc1v/d36DgU/Vb/fzqtZbuzp5WEXEZ4EJSzT7u0RXl3cjiodyWXFO49VUWS21azJrPo2w68VOHU
	D1XikQvGwdoZQN/6A5niXFoidkclvCs
X-Received: by 2002:a05:620a:31a3:b0:915:5378:4397 with SMTP id
 af79cd13be357-915a9df31b0mr921634685a.46.1780688122173;
        Fri, 05 Jun 2026 12:35:22 -0700 (PDT)
Received: from ?IPV6:2804:14d:328a:a59c:60d6:dd03:a73f:5898?
 ([2804:14d:328a:a59c:60d6:dd03:a73f:5898])
        by smtp.gmail.com with ESMTPSA id
 af79cd13be357-9158a3e0d55sm980517085a.43.2026.06.05.12.35.20
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 05 Jun 2026 12:35:21 -0700 (PDT)
Message-ID: <9ecd2bd5-0fec-4ec2-9800-eb071683128c@gmail.com>
Date: Fri, 5 Jun 2026 16:35:18 -0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: BUG #19480: PL/Python SRF crashes (SIGSEGV) when function is
 replaced mid-iteration: use-after-free in PLy_funct
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: adoros@starfishstorage.com, pgsql-bugs@lists.postgresql.org,
 rmt@lists.postgresql.org
References: <19480-f1f9fdce30462fc4@postgresql.org>
 <DIS405H05GE0.1OPMN9BEKKMS1@gmail.com> <982975.1779981146@sss.pgh.pa.us>
 <DIY2500FL0UW.Z4M7NYWMGGA4@gmail.com> <2868592.1780356411@sss.pgh.pa.us>
 <DJ1BFHKUC06G.1NO3D0WC9KBV6@gmail.com> <3770958.1780686685@sss.pgh.pa.us>
Content-Language: en-US
From: Matheus Alcantara <matheusssilv97@gmail.com>
In-Reply-To: <3770958.1780686685@sss.pgh.pa.us>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-bugs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-bugs@lists.postgresql.org>
List-Owner: <mailto:pgsql-bugs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-bugs>
Archived-At: 
 <https://www.postgresql.org/message-id/9ecd2bd5-0fec-4ec2-9800-eb071683128c%40gmail.com>
Precedence: bulk

On 05/06/26 16:11, Tom Lane wrote:
> "Matheus Alcantara" <matheusssilv97@gmail.com> writes:
>> On Mon Jun 1, 2026 at 8:26 PM -03, Tom Lane wrote:
>>> Actually ... if memory serves, SQL-language functions use ValuePerCall
>>> mode, so there probably already is a solution to this embedded in
>>> functions.c.  Did you look at that?
> 
>> I dind't look at this before but this was exactly the right call. SQL
>> functions handle this by maintaining a per-call-site cache struct
>> (SQLFunctionCache) in fn_extra that holds both the pointer to the
>> long-lived hash entry and the execution state. The use_count is
>> incremented when we first obtain the function and decremented via a
>> MemoryContextCallback when fn_mcxt is deleted.
> 
>> I've adapted the same approach for PL/Python.
> 
> I've not read this patch yet but your high-level description seems
> on-target.
> 
> Assuming the patch withstands review, there are three ways we could
> proceed:
> 
> 1. Hold it for v20.
> 
> 2. Sneak it into v19.
> 
> 3. Treat it as a back-patchable fix and put it into v18 as well.
> (Going further back than v18 seems unreasonable because funccache.c
> doesn't exist before that, so we'd have to back-patch it too.)
> 
> I do not think that #3 is really a great idea, mainly because the
> failure case doesn't seem very likely to be hit in production,
> and the lack of previous reports about this very ancient bug
> bears that out.
> 
> I do find some attraction in #2, mainly because it would get the fix
> into the field a year earlier than #1.  But considering we're past
> beta1 it may be too late for #2 to be reasonable either.
> 

Yeah, this sounds a better option for me too, otherwise we can go with 
#1. Back-patching this seems complicated, so I agree #3 does not seems 
a good idea.

> Looping in the RMT to see what they think...
> 

Ok

--
Matheus Alcantara
EDB: https://www.enterprisedb.com