Re: BUG #19480: PL/Python SRF crashes (SIGSEGV) when function is replaced mid-iteration: use-after-free in PLy_funct

"Matheus Alcantara" <matheusssilv97(at)gmail(dot)com> writes:
> On Mon Jun 1, 2026 at 8:26 PM -03, Tom Lane wrote:
>> Actually ... if memory serves, SQL-language functions use ValuePerCall
>> mode, so there probably already is a solution to this embedded in
>> functions.c. Did you look at that?

> I dind't look at this before but this was exactly the right call. SQL
> functions handle this by maintaining a per-call-site cache struct
> (SQLFunctionCache) in fn_extra that holds both the pointer to the
> long-lived hash entry and the execution state. The use_count is
> incremented when we first obtain the function and decremented via a
> MemoryContextCallback when fn_mcxt is deleted.

> I've adapted the same approach for PL/Python.

I've not read this patch yet but your high-level description seems
on-target.

Assuming the patch withstands review, there are three ways we could
proceed:

1. Hold it for v20.

2. Sneak it into v19.

3. Treat it as a back-patchable fix and put it into v18 as well.
(Going further back than v18 seems unreasonable because funccache.c
doesn't exist before that, so we'd have to back-patch it too.)

I do not think that #3 is really a great idea, mainly because the
failure case doesn't seem very likely to be hit in production,
and the lack of previous reports about this very ancient bug
bears that out.

I do find some attraction in #2, mainly because it would get the fix
into the field a year earlier than #1. But considering we're past
beta1 it may be too late for #2 to be reasonable either.

Looping in the RMT to see what they think...

regards, tom lane