Segfault in PL/Python
I have discovered an obscure segfault condition in PL/Python. In
PLy_output(), when the elog() call in the TRY branch throws an exception
(this can happen when a statement timeout kicks in, for example), the
PyErr_SetString() call in the CATCH branch can cause a segfault, because
the Py_XDECREF(so) call before it releases memory that is still used by
the sv variable that PyErr_SetString() uses as argument, because sv
points into memory owned by so.
Patch is attached. This should be backpatched back to 8.0, where this
code was introduced.
I also threw in a couple of volatile declarations for variables that are
used before and after the TRY. I don't think they caused the crash that
I observed, but they could become issues.
Attachments:
plpython-crash-fix.patch (text/x-patch; charset=UTF-8), +6 -3
On Sat, 2009-10-31 at 14:24 +0200, Peter Eisentraut wrote:
I have discovered an obscure segfault condition in PL/Python. In
PLy_output(), when the elog() call in the TRY branch throws an exception
(this can happen when a statement timeout kicks in, for example), the
PyErr_SetString() call in the CATCH branch can cause a segfault, because
the Py_XDECREF(so) call before it releases memory that is still used by
the sv variable that PyErr_SetString() uses as argument, because sv
points into memory owned by so.
Patch is attached. This should be backpatched back to 8.0, where this
code was introduced.
I also threw in a couple of volatile declarations for variables that are
used before and after the TRY. I don't think they caused the crash that
I observed, but they could become issues.
This patch has been applied to 8.0 - 8.5.
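The ordering problem described in the first message, as an added example that is not part of the thread or the PL/Python source: a toy refcounted string (toy_str, toy_xdecref and toy_set_error are hypothetical stand-ins for so, Py_XDECREF() and PyErr_SetString()) shows what the error path reads when the release comes before the use. The use-before-release ordering is an assumption about the safe form; the attached patch is not shown on the page.

```c
#include <stdio.h>
#include <string.h>

/* Toy refcounted string standing in for the Python object `so`. Storage is a
 * static slot, so reading it after release is defined here (unlike real free). */
typedef struct { int refcnt; char buf[64]; } toy_str;

static toy_str slot;
static char last_error[64];          /* what the "interpreter" recorded */

static toy_str *toy_new(const char *s) {
    slot.refcnt = 1;
    snprintf(slot.buf, sizeof slot.buf, "%s", s);
    return &slot;
}

/* Models Py_XDECREF: at refcount zero the storage is given up (poisoned). */
static void toy_xdecref(toy_str *o) {
    if (o && --o->refcnt == 0)
        memset(o->buf, 0xDD, sizeof o->buf - 1);
}

/* Models PyErr_SetString: copies the C string it is handed. */
static void toy_set_error(const char *msg) {
    snprintf(last_error, sizeof last_error, "%s", msg);
}

/* CATCH-branch order described in the report: release so, then use sv. */
const char *catch_release_first(const char *text) {
    toy_str *so = toy_new(text);
    const char *sv = so->buf;        /* borrowed: points into so */
    toy_xdecref(so);
    toy_set_error(sv);               /* reads storage already released */
    return last_error;
}

/* Assumed safe order: use sv while so still holds its reference. */
const char *catch_use_first(const char *text) {
    toy_str *so = toy_new(text);
    const char *sv = so->buf;
    toy_set_error(sv);
    toy_xdecref(so);
    return last_error;
}

int main(void) {
    printf("release first intact: %d\n", !strcmp(catch_release_first("timeout"), "timeout"));
    printf("use first intact:     %d\n", !strcmp(catch_use_first("timeout"), "timeout"));
    return 0;
}
```

With a real allocator the release-first path is undefined behaviour rather than a predictable poison pattern, which is why the crash in the report only shows up in some runs.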