In PLy_function_build_args(), the code loops repeatedly, constructing one argument at a time and then inserting the argument into a Python list via PyList_SetItem(). This "steals" the reference to the argument: that is, the reference to the new list member is now held by the Python list itself. This works fine, except if an elog occurs. This causes the function's PG_CATCH() block to be invoked, which decrements the reference counts on both the current argument and the list of arguments. If the elog happens to occur during the second or subsequent iteration of the loop, the reference count on the current argument will be decremented twice.
The fix is simple: set the local pointer to the current argument to NULL immediately after adding it to the argument list. This ensures that the Py_XDECREF() in the PG_CATCH() block doesn't double-decrement. I'd like to apply this to HEAD and back branches (as far back as PG_CATCH exists). The broader point is that the current approach to handling reference counting and exceptions in PL/Python seems terribly error-prone. I briefly skimmed the code for other instances of the problem -- while I didn't find any, I don't have a lot of confidence that similar issues don't exist. Any thoughts on how to improve that? (I wonder if we could adapt ResOwner...) -Neil
============================================================ *** src/pl/plpython/plpython.c caab6efbac99de55d61348c6467b72b169c72199 --- src/pl/plpython/plpython.c 29438f318ecb215d1af5aeddd8c4304352d432ac *************** *** 895,900 **** --- 895,901 ---- * FIXME -- error check this */ PyList_SetItem(args, i, arg); + arg = NULL; } } PG_CATCH();
---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq