| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jan Urbański <wulczer(at)wulczer(dot)org> |
| Cc: | Postgres - Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pl/python long-lived allocations in datum->dict transformation |
| Date: | 2012-02-14 00:35:33 |
| Message-ID: | 24084.1329179733@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
=?UTF-8?B?SmFuIFVyYmHFhHNraQ==?= <wulczer(at)wulczer(dot)org> writes:
> On 12/02/12 00:48, Tom Lane wrote:
>> What's more, it's unclear that
>> it won't malfunction altogether if the function is used recursively
>> (ie, what if PLyDict_FromTuple ends up calling the same function again?)
> I was a bit worried about that, but the only place where
> PLyDict_FromTuple calls into some other code is when it calls the type's
> specific I/O function, which AFAICT can't call back into user code
> (except for user-defined C I/O routines). It's not very comfortable, but
> I think PLyDict_FromTuple can be allowed to be non-reentrant.
I think that's pretty short-sighted. Even if it's safe today (which
I am not 100% convinced of), there are plenty of foreseeable reasons
why it might^Wwill break in the future.
* There is no reason to think that datatype I/O functions will never
be written in anything but C. People have asked repeatedly for the
ability to write them in higher-level languages. I doubt that would
ever be possible in plpgsql, but with languages that can do
bit-twiddling like plpython or plperl, it seems possible.
* A datatype I/O function, even if written in C, could call user-written
code. See domain_in for example, which can invoke arbitrary processing
via domain constraint checking. If you were proposing to patch
PLyObject_ToTuple rather than the other direction, this patch would be
breakable today. Admittedly the breakage would require some rather
contrived coding ("your domain's constraint check function does
*what*?"), but it would still be a security bug.
* Once we have the ability to associate a temp memory context with
plpython, there will be a temptation to use it for other purposes
besides this one, and it will not be long before such a purpose does
open a recursion risk, even if there's none there today. (Speaking of
which, it sure looks to me like PLyObject_ToDatum, PLyObject_ToTuple,
etc leak memory like there's no tomorrow.)
> OTOH if we want to make it reentrant, some more tinkering would be in order.
I think that's in order.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2012-02-14 00:42:53 | pg_test_fsync performance |
| Previous Message | Marko Kreen | 2012-02-13 23:39:06 | Re: Speed dblink using alternate libpq tuple storage |