PLpgSQL_estate estate is from stack, and it can be corrupted immediately after leaving plpgsql_exec_function.

When I prepare calling of func_abort, I cannot to use any field from estate, and I have to use local estate
instead.

Author: okbob

src/cursors_leaks.c

@@ -33,7 +33,7 @@ int			plpgsql_check_cursors_leaks_level = WARNING;
 typedef struct CursorTrace
 {
 	int			stmtid;
-	PLpgSQL_execstate *estate;
+	void		*plugin_info;
 	char	   *curname;
 } CursorTrace;
 
@@ -195,7 +195,7 @@ func_end(PLpgSQL_execstate *estate,
 		 * Iterate over traced cursors. Remove slots for tracing immediately,
 		 * when traced cursor is closed already.
 		 */
-		if (ct->curname && ct->estate == estate)
+		if (ct->curname && ct->plugin_info == estate->plugin_info)
 		{
 			if (SPI_cursor_find(ct->curname))
 			{
@@ -344,7 +344,7 @@ stmt_end(PLpgSQL_execstate *estate, PLpgSQL_stmt *stmt, plch_fextra *fextra)
 
 			ct->stmtid = stmt->stmtid;
 
-			ct->estate = estate;
+			ct->plugin_info = estate->plugin_info;
 			ct->curname = pstrdup(curname);
 
 			MemoryContextSwitchTo(oldcxt);

src/fextra_cache.c

@@ -187,6 +187,7 @@ fextra_init_hk(plch_fextra_hk *hk, PLpgSQL_function *func)
 
 }
 
+
 static void
 fextra_CacheObjectCallback(Datum arg, int cacheid, uint32 hashValue)
 {
@@ -206,6 +207,17 @@ fextra_CacheObjectCallback(Datum arg, int cacheid, uint32 hashValue)
 
 		if (!fextra->is_valid && fextra->use_count == 0)
 		{
+
+#if PG_VERSION_NUM >= 180000
+
+			fextra->func->cfunc.use_count--;
+
+#else
+
+			fextra->func->use_count--;
+
+#endif
+
 			MemoryContextDelete(fextra->mcxt);
 			if (hash_search(fextra_ht,
 							&fextra->hk,
@@ -257,6 +269,17 @@ plch_get_fextra(PLpgSQL_function *func)
 
 		if (found && !fextra->is_valid && fextra->use_count == 0)
 		{
+
+#if PG_VERSION_NUM >= 180000
+
+			fextra->func->cfunc.use_count--;
+
+#else
+
+			fextra->func->use_count--;
+
+#endif
+
 			MemoryContextReset(fextra->mcxt);
 		}
 
@@ -317,22 +340,23 @@ plch_get_fextra(PLpgSQL_function *func)
 		fextra->max_deep = 0;
 		init_fextra_stmt(fextra, 0, &naturalid, 1, 0, (PLpgSQL_stmt *) func->action);
 
-		fextra->is_valid = true;
-	}
-
-	fextra->use_count++;
-	fextra->func = func;
-
 #if PG_VERSION_NUM >= 180000
 
-	func->cfunc.use_count++;
+		func->cfunc.use_count++;
 
 #else
 
-	func->use_count++;
+		func->use_count++;
 
 #endif
 
+		fextra->func = func;
+
+		fextra->is_valid = true;
+	}
+
+	fextra->use_count++;
+
 	return fextra;
 }
 

src/pldbgapi3.c

@@ -158,6 +158,8 @@ static void
 plugin_info_reset(void *arg)
 {
 	plpgsql_plugin_info *plugin_info = (plpgsql_plugin_info*) arg;
+	PLpgSQL_execstate loc_estate;
+	PLpgSQL_execstate *old_cur_estate;
 	MemoryContext exec_mcxt = CurrentMemoryContext;
 	int			stmts_stack_size;
 	int			i;
@@ -173,6 +175,19 @@ plugin_info_reset(void *arg)
 	if (!plugin_info->fextra)
 		return;
 
+	/*
+	 * In this moment, the estate content can be corrupted, because
+	 * estate is from stack of already ended function.
+	 *
+	 * Inside abort methods, the estate fields should not be referenced!
+	 */
+	memset(&loc_estate, 0, sizeof(PLpgSQL_execstate));
+	loc_estate.func = plugin_info->fextra->func;
+
+	old_cur_estate = loc_estate.func->cur_estate;
+	loc_estate.func->cur_estate = &loc_estate;
+	plugin_info->estate = &loc_estate;
+
 	stmts_stack_size = plugin_info->stmts_stack_size;
 	plugin_info->stmts_stack_size = 0;
 
@@ -189,6 +204,11 @@ plugin_info_reset(void *arg)
 				plugin_info->estate->plugin_info = plugin_info->plugin_info[i];
 
 				MemoryContextSwitchTo(exec_mcxt);
+
+				/*
+				 * In this moment, the estate content can be corrupted.
+				 * Inside abort methods, the estate fields should not be referenced!
+				 */
 				plugins[i]->func_abort(plugin_info->estate,
 									   plugin_info->estate->func,
 									   plugin_info->fextra);
@@ -198,15 +218,19 @@ plugin_info_reset(void *arg)
 
 	PG_CATCH();
 	{
+		plugin_info->fextra->func->cur_estate = old_cur_estate;
 		plch_release_fextra(plugin_info->fextra);
 		plugin_info->fextra = NULL;
+		plugin_info->estate = NULL;
 
 		PG_RE_THROW();
 	}
 	PG_END_TRY();
 
+	plugin_info->fextra->func->cur_estate = old_cur_estate;
 	plch_release_fextra(plugin_info->fextra);
 	plugin_info->fextra = NULL;
+	plugin_info->estate = NULL;
 }
 
 /*