check_createrole_self_grant and check_synchronized_standby_slots
were allocating memory on a LOG elevel without checking if the
allocation succeeded or not, which would have led to a segfault
on allocation failure.
On top of that, a number of callsites were using the ERROR level,
relying on erroring out rather than returning false to allow the
GUC machinery handle it gracefully. Other callsites used WARNING
instead of LOG. While neither being not wrong, this changes all
check_ functions do it consistently with LOG.
init_custom_variable gets a promoted elevel to FATAL to keep
the guc_malloc error handling in line with the rest of the
error handling in that function which already call FATAL. If
we encounter an OOM in this callsite there is no graceful
handling to be had, better to error out hard.
Backpatch the fix to check_createrole_self_grant down to v16
and the fix to check_synchronized_standby_slots down to v17
where they were introduced.
Author: Daniel Gustafsson <daniel@yesql.se>
Reported-by: Nikita <pm91.arapov@gmail.com>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Bug: #18845
Discussion: https://postgr.es/m/18845-
582c6e10247377ec@postgresql.org
Backpatch-through: 16
list_free(elemlist);
/* assign new value */
- *extra = guc_malloc(ERROR, (RM_MAX_ID + 1) * sizeof(bool));
+ *extra = guc_malloc(LOG, (RM_MAX_ID + 1) * sizeof(bool));
+ if (!*extra)
+ return false;
memcpy(*extra, newwalconsistency, (RM_MAX_ID + 1) * sizeof(bool));
return true;
}
if (have_error)
return false;
- myextra = (XLogRecPtr *) guc_malloc(ERROR, sizeof(XLogRecPtr));
+ myextra = (XLogRecPtr *) guc_malloc(LOG, sizeof(XLogRecPtr));
+ if (!myextra)
+ return false;
*myextra = lsn;
*extra = myextra;
}
}
}
- myextra = (RecoveryTargetTimeLineGoal *) guc_malloc(ERROR, sizeof(RecoveryTargetTimeLineGoal));
+ myextra = (RecoveryTargetTimeLineGoal *) guc_malloc(LOG, sizeof(RecoveryTargetTimeLineGoal));
+ if (!myextra)
+ return false;
*myextra = rttg;
*extra = myextra;
if (errno == EINVAL || errno == ERANGE)
return false;
- myextra = (TransactionId *) guc_malloc(ERROR, sizeof(TransactionId));
+ myextra = (TransactionId *) guc_malloc(LOG, sizeof(TransactionId));
+ if (!myextra)
+ return false;
*myextra = xid;
*extra = myextra;
}
list_free(elemlist);
result = (unsigned *) guc_malloc(LOG, sizeof(unsigned));
+ if (!result)
+ return false;
*result = options;
*extra = result;
if (!clean)
return false;
- ret = guc_strdup(WARNING, clean);
+ ret = guc_strdup(LOG, clean);
if (!ret)
{
pfree(clean);
if (!clean)
return false;
- ret = guc_strdup(WARNING, clean);
+ ret = guc_strdup(LOG, clean);
if (!ret)
{
pfree(clean);
/* GUC extra value must be guc_malloc'd, not palloc'd */
config = (SyncStandbySlotsConfigData *) guc_malloc(LOG, size);
+ if (!config)
+ return false;
/* Transform the data into SyncStandbySlotsConfigData */
config->nslotnames = list_length(elemlist);
return result;
/* Save the flags in *extra, for use by assign_debug_io_direct */
- *extra = guc_malloc(ERROR, sizeof(int));
+ *extra = guc_malloc(LOG, sizeof(int));
+ if (!*extra)
+ return false;
*((int *) *extra) = flags;
return result;
* We succeeded, so allocate `extra` and save the flags there for use by
* assign_log_connections().
*/
- *extra = guc_malloc(ERROR, sizeof(int));
+ *extra = guc_malloc(LOG, sizeof(int));
+ if (!*extra)
+ return false;
*((int *) *extra) = flags;
return true;
list_free(elemlist);
/* Save the flags in *extra, for use by the assign function */
- *extra = guc_malloc(ERROR, sizeof(int));
+ *extra = guc_malloc(LOG, sizeof(int));
+ if (!*extra)
+ return false;
*((int *) *extra) = flags;
return true;
* whitespace chars to save some memory, but it doesn't seem worth the
* trouble.
*/
- someval = guc_malloc(ERROR, newvallen + 1 + 1);
+ someval = guc_malloc(LOG, newvallen + 1 + 1);
+ if (!someval)
+ return false;
for (i = 0, j = 0; i < newvallen; i++)
{
if ((*newval)[i] == ',')
pfree(rawstring);
list_free(elemlist);
- myextra = (int *) guc_malloc(ERROR, sizeof(int));
+ myextra = (int *) guc_malloc(LOG, sizeof(int));
+ if (!myextra)
+ return false;
*myextra = newlogdest;
*extra = myextra;
strcmp(name, "pljava.vmoptions") == 0))
context = PGC_SUSET;
- gen = (struct config_generic *) guc_malloc(ERROR, sz);
+ /* As above, an OOM here is FATAL */
+ gen = (struct config_generic *) guc_malloc(FATAL, sz);
memset(gen, 0, sz);
- gen->name = guc_strdup(ERROR, name);
+ gen->name = guc_strdup(FATAL, name);
gen->context = context;
gen->group = CUSTOM_OPTIONS;
gen->short_desc = short_desc;
projects / postgresql.git / commitdiff