From e679564e90fec35d16bcee992b5192f721a8f2d9 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Sat, 20 Mar 2010 00:58:14 +0000
Subject: [PATCH] Clear error_context_stack and debug_query_string at the
 beginning of proc_exit, so that we won't try to attach any context printouts
 to messages that get emitted while exiting.  Per report from Dennis Koegel,
 the context functions won't necessarily work after we've started shutting
 down the backend, and it seems possible that debug_query_string could be
 pointing at freed storage as well.  The context information doesn't seem
 particularly relevant to such messages anyway, so there's little lost by
 suppressing it.

Back-patch to all supported branches.  I can only demonstrate a crash with
log_disconnections messages back to 8.1, but the risk seems real in 8.0 and
before anyway.
---
 src/backend/storage/ipc/ipc.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/backend/storage/ipc/ipc.c b/src/backend/storage/ipc/ipc.c
index 2616ffb817..4b5ff57b97 100644
--- a/src/backend/storage/ipc/ipc.c
+++ b/src/backend/storage/ipc/ipc.c
@@ -13,7 +13,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/storage/ipc/ipc.c,v 1.105 2009/06/11 14:49:01 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/storage/ipc/ipc.c,v 1.105.2.1 2010/03/20 00:58:14 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -28,6 +28,7 @@
 #include "postmaster/autovacuum.h"
 #endif
 #include "storage/ipc.h"
+#include "tcop/tcopprot.h"
 
 
 /*
@@ -163,6 +164,19 @@ proc_exit_prepare(int code)
 	InterruptHoldoffCount = 1;
 	CritSectionCount = 0;
 
+	/*
+	 * Also clear the error context stack, to prevent error callbacks
+	 * from being invoked by any elog/ereport calls made during proc_exit.
+	 * Whatever context they might want to offer is probably not relevant,
+	 * and in any case they are likely to fail outright after we've done
+	 * things like aborting any open transaction.  (In normal exit scenarios
+	 * the context stack should be empty anyway, but it might not be in the
+	 * case of elog(FATAL) for example.)
+	 */
+	error_context_stack = NULL;
+	/* For the same reason, reset debug_query_string before it's clobbered */
+	debug_query_string = NULL;
+
 	/* do our shared memory exits first */
 	shmem_exit(code);