Don't capture hard errors for old cagg format

If an error occurs inside the deserialization function for continuous
aggregates, we are using the old numeric format and this was captured
inside `inner_agg_deserialize` and the format was "repaired". However,
this captured hard errors as well, which can cause cascading errors if
execution continues after the error.

This commit fixes that by capturing data exception errors, internal
error (which is the default for elog()) and protocol error (c.f.
`pq_getmsgint64` used by `numeric_deserialize`), but re-throwing all
other errors.

Author: mkindahl

.unreleased/pr_7903

@@ -0,0 +1 @@
+Fixes: #7903 Don't capture hard errors for old cagg format

tsl/src/partialize_finalize.c

@@ -16,6 +16,7 @@
 #include <utils/builtins.h>
 #include <utils/datum.h>
 #include <utils/fmgroids.h>
+#include <utils/resowner.h>
 #include <utils/syscache.h>
 
 #include "partialize_finalize.h"
@@ -260,24 +261,55 @@ inner_agg_deserialize(FACombineFnMeta *combine_meta, bytea *volatile serialized_
 		deser_fcinfo->isnull = false;
 
 		/*
-		 * When an exception is thrown and longjmp() is called, CurrentMemoryContext is potentially
-		 * different than what it was inside the PG_TRY() block below.
+		 * When an exception is thrown and longjmp() is called,
+		 * CurrentMemoryContext is potentially different than what it was
+		 * inside the PG_TRY() block below.
 		 *
-		 * Restore it to the old value so that the code in the subsequent PG_CATCH() block does not
-		 * corrupt the memory.
+		 * Restore it to the old value so that the code in the subsequent
+		 * PG_CATCH() block does not corrupt the memory.
 		 *
-		 * No need for volatile variables since we don't modify any of this function's stack frame
-		 * inside the PG_TRY() block.
+		 * No need for volatile variables since we don't modify any of this
+		 * function's stack frame inside the PG_TRY() block.
+		 *
+		 * We create a subtransaction to run the functions below, in case they
+		 * abort.
 		 */
 		MemoryContext oldcontext = CurrentMemoryContext;
+		ResourceOwner oldowner = CurrentResourceOwner;
+		BeginInternalSubTransaction(NULL);
 		PG_TRY();
 		{
 			deserialized = FunctionCallInvoke(deser_fcinfo);
+			ReleaseCurrentSubTransaction();
+			MemoryContextSwitchTo(oldcontext);
+			CurrentResourceOwner = oldowner;
 		}
 		PG_CATCH();
 		{
-			CurrentMemoryContext = oldcontext;
+			const int sqlerrcode = geterrcode();
+
+			/*
+			 * If we get a data exception category error or a protocol
+			 * violation or an internal error (which is generated by default
+			 * when using elog()), the format is wrong and we can attempt to
+			 * repair it by switching to a different function for
+			 * deserializing.
+			 *
+			 * If the error is an insufficient resources category we should
+			 * *not* continue executing.
+			 *
+			 * Errors in other categories are not expected, but we cannot do
+			 * anything with them anyway, so just re-throw them too.
+			 */
+			if (ERRCODE_TO_CATEGORY(sqlerrcode) != ERRCODE_DATA_EXCEPTION &&
+				sqlerrcode != ERRCODE_PROTOCOL_VIOLATION && sqlerrcode != ERRCODE_INTERNAL_ERROR)
+			{
+				PG_RE_THROW();
+			}
 			FlushErrorState();
+			RollbackAndReleaseCurrentSubTransaction();
+			MemoryContextSwitchTo(oldcontext);
+			CurrentResourceOwner = oldowner;
 			/* attempt to repair the serialized partial */
 			serialized_partial =
 				sanitize_serialized_partial(combine_meta->deserialfnoid, serialized_partial);