On Mon, Apr 16, 2018 at 10:48 AM, Alvaro Herrera
<alvherre@alvh.no-ip.org> wrote:
> and tuplestore_end does this:
> if (state->myfile)
> BufFileClose(state->myfile);
> without setting anything in state to NULL; so we're relying on the
> caller fs->tstore to null to avoid repeated tuplestore_end calls. I
> can't see any way for this to misbehave, but maybe the funcstate appears
> more than once in the PerFuncState array, and we clean it correctly the
> first time around and then invoke the tuplestore_end() the second time
> to the memory that was previously freed? I think this makes no sense
> unless we share FunctionScanPerFuncState elements -- do we?
I have no reason to think that we do. Offhand, I find it more likely
that some executor slot that imagines that it owns the tuple frees the
tuple once, which is followed by a call to tuplestore_end() that frees
the same tuple a second time (a double-free). As I mentioned, we've
seen several bugs of that general variety in both tuplestore and
tuplesort in the past. Some of these have been very subtle.
Note that pgpool is involved here. I don't know much about pgpool, and
maybe that's totally irrelevant.
--
Peter Geoghegan