Don't capture hard errors in with-clause parser

mkindahl · mkindahl · commit c028577dcfad · 2025-04-03T10:56:18.000+02:00
When parsing WITH clause arguments for ALTER TABLE to extract
compression parameters, syntax errors in the text format are caught
using PG_TRY and PG_CATCH and then returning an indication if the parse
succeeded or not.

If an out-of-memory error occurs inside execution of the input function
and this error is caught, it can continue executing and potentially
cause cascading out-of-memory errors and in the end exhausting the error
stack.

This commit solves this by using checking the category of the thrown
error and only allow errors in the data exception and the syntax errors
and access rules violation category, which are "soft" errors in this
case. Hard errors, like out-of-memory errors, are re-thrown allowing
the backend to deal with it properly.
diff --git a/.unreleased/pr_7893 b/.unreleased/pr_7893
@@ -0,0 +1 @@
+Fixes: #7893 Don't capture hard errors in with-clause parser
diff --git a/src/with_clause_parser.c b/src/with_clause_parser.c
@@ -161,12 +161,38 @@ parse_arg(WithClauseDefinition arg, DefElem *def)
 
 	Assert(OidIsValid(in_fn));
 
+	/*
+	 * We could use InputFunctionCallSafe() here but this is just supported
+	 * for PG16 and later, so we opt for checking if the failure is what we
+	 * expected and re-throwing the error otherwise.
+	 */
 	PG_TRY();
 	{
 		val = OidInputFunctionCall(in_fn, value, typIOParam, -1);
 	}
 	PG_CATCH();
 	{
+		const int sqlerrcode = geterrcode();
+		/*
+		 * We can deal with the Data Exception category and in the Syntax
+		 * Error or Access Rule Violation category, but if the error is an
+		 * insufficient resources category, for example, an out of memory
+		 * error, we should just re-throw it.
+		 *
+		 * Errors in other categories are unlikely, but we cannot do anything
+		 * with them anyway, so just re-throw them as well.
+		 */
+		if (ERRCODE_TO_CATEGORY(sqlerrcode) != ERRCODE_DATA_EXCEPTION &&
+			ERRCODE_TO_CATEGORY(sqlerrcode) != ERRCODE_SYNTAX_ERROR_OR_ACCESS_RULE_VIOLATION)
+		{
+			PG_RE_THROW();
+		}
+		FlushErrorState();
+
+		/* We are currently using the ErrorContext, but since we are going to
+		 * raise an error later, there is no reason to switch memory context
+		 * nor restore the resource owner here. */
+
 		Form_pg_type typetup;
 		HeapTuple tup = SearchSysCache1(TYPEOID, ObjectIdGetDatum(arg.type_id));
 		if (!HeapTupleIsValid(tup))

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Fixes: #7893 Don't capture hard errors in with-clause parser`