Comment on expectations for AutoVacuumWorkItem handlers.

This might prevent a repeat of the brin_summarize_range() vulnerability
that commit a117cebd638dd02e5c2e791c25e43745f233111b fixed.

diff --git a/src/backend/postmaster/autovacuum.c b/src/backend/postmaster/autovacuum.c
index c0e2e00a7e3e6cdbea9cfc568db2d8e6469252a7..585d28148cabf30f480e1aa2b2e46ab59cbce538 100644 (file)
--- a/src/backend/postmaster/autovacuum.c
+++ b/src/backend/postmaster/autovacuum.c
@@ -2655,7 +2655,10 @@ perform_work_item(AutoVacuumWorkItem *workitem)
                /* Use PortalContext for any per-work-item allocations */
                MemoryContextSwitchTo(PortalContext);
 
-               /* have at it */
+               /*
+                * Have at it.  Functions called here are responsible for any required
+                * user switch and sandbox.
+                */
                switch (workitem->avw_type)
                {
                        case AVW_BRINSummarizeRange: