Run input function allowing soft errors only

mkindahl · mkindahl · commit 7fc20c2d317a · 2025-04-01T12:30:17.000+02:00
When parsing WITH clause arguments for ALTER TABLE to extract
compression parameters, syntax errors in the text format are caught
using PG_TRY and PG_CATCH and then returning an indication if the parse
succeeded or not.

If an out-of-memory error occurs inside execution of the input function
and this error is caught, it can continue executing and potentially
cause cascading out-of-memory errors and in the end exhausting the error
stack.

This commit solves this by using checking the category of the thrown
error and only allow errors in the data exception and the syntax errors
and access rules violation category, which are "soft" errors in this
case. Hard errors, like out-of-memory errors, are re-thrown allowing
the backend to deal with it properly.
diff --git a/.unreleased/pr_7893 b/.unreleased/pr_7893
@@ -0,0 +1 @@
+Fixes: #7893 Run input function only allowing soft errors
diff --git a/src/with_clause_parser.c b/src/with_clause_parser.c
@@ -140,6 +140,7 @@ parse_arg(WithClauseDefinition arg, DefElem *def)
 	Datum val;
 	Oid in_fn;
 	Oid typIOParam;
+	MemoryContext ccxt = CurrentMemoryContext;
 
 	if (!OidIsValid(arg.type_id))
 		ereport(ERROR,
@@ -161,12 +162,36 @@ parse_arg(WithClauseDefinition arg, DefElem *def)
 
 	Assert(OidIsValid(in_fn));
 
+	/*
+	 * We could use InputFunctionCallSafe() here but this is just supported
+	 * for PG16 and later, so we opt for checking if the failure is what we
+	 * expected and re-throwing the error otherwise.
+	 */
 	PG_TRY();
 	{
 		val = OidInputFunctionCall(in_fn, value, typIOParam, -1);
 	}
 	PG_CATCH();
 	{
+		MemoryContext ecxt = MemoryContextSwitchTo(ccxt);
+		ErrorData *edata = CopyErrorData();
+		/*
+		 * We can deal with the Data Exception category and in the Syntax
+		 * Error or Access Rule Violation category, but if the error is an
+		 * insufficient resources category, for example, an out of memory
+		 * error, we should just re-throw it.
+		 *
+		 * Errors in other categories are unlikely, but we cannot do anything
+		 * with them anyway, so just re-throw them as well.
+		 */
+		if (ERRCODE_TO_CATEGORY(edata->sqlerrcode) != ERRCODE_DATA_EXCEPTION &&
+			ERRCODE_TO_CATEGORY(edata->sqlerrcode) != ERRCODE_SYNTAX_ERROR_OR_ACCESS_RULE_VIOLATION)
+		{
+			FreeErrorData(edata);
+			MemoryContextSwitchTo(ecxt);
+			PG_RE_THROW();
+		}
+
 		Form_pg_type typetup;
 		HeapTuple tup = SearchSysCache1(TYPEOID, ObjectIdGetDatum(arg.type_id));
 		if (!HeapTupleIsValid(tup))

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Fixes: #7893 Run input function only allowing soft errors`