Run input function allowing soft errors only

mkindahl · mkindahl · commit d724332c2008 · 2025-04-01T11:26:08.000+02:00
When parsing WITH clause arguments for ALTER TABLE to extract
compression parameters, syntax errors in the text format are caught
using PG_TRY and PG_CATCH and then returning an indication if the parse
succeeded or not.

If an out of memory error occurs inside execution of the input function
and this error is caught, it can continue executing and potentially
cause cascading out of memory errors and in the end exhausing the error
stack.

This commit solves this by using checking the category of the thrown
error and only allow errors in the data exception category, which are
"soft" errors in this case. Hard errors, like out-of-memory errors,
are re-thrown allowing the backend to deal with it properly.
diff --git a/src/with_clause_parser.c b/src/with_clause_parser.c
@@ -140,6 +140,7 @@ parse_arg(WithClauseDefinition arg, DefElem *def)
 	Datum val;
 	Oid in_fn;
 	Oid typIOParam;
+	MemoryContext ccxt = CurrentMemoryContext;
 
 	if (!OidIsValid(arg.type_id))
 		ereport(ERROR,
@@ -161,12 +162,34 @@ parse_arg(WithClauseDefinition arg, DefElem *def)
 
 	Assert(OidIsValid(in_fn));
 
+	/*
+	 * We could use InputFunctionCallSafe() here but this is just supported
+	 * for PG16 and later, so we opt for checking if the failure is what we
+	 * expected and re-throwing the error otherwise.
+	 */
 	PG_TRY();
 	{
 		val = OidInputFunctionCall(in_fn, value, typIOParam, -1);
 	}
 	PG_CATCH();
 	{
+		MemoryContext ecxt = MemoryContextSwitchTo(ccxt);
+		ErrorData *edata = CopyErrorData();
+		/*
+		 * All syntax errors are in the data exception category. These we can
+		 * deal with, but if the error is an insufficient resources category,
+		 * for example, an out of memory error, we should just re-throw it.
+		 *
+		 * Errors in other categories are unlikely, but we cannot do anything
+		 * with them anyway, so just re-throw them as well.
+		 */
+		if (ERRCODE_TO_CATEGORY(edata->sqlerrcode) != ERRCODE_DATA_EXCEPTION)
+		{
+			FreeErrorData(edata);
+			MemoryContextSwitchTo(ecxt);
+			PG_RE_THROW();
+		}
+
 		Form_pg_type typetup;
 		HeapTuple tup = SearchSysCache1(TYPEOID, ObjectIdGetDatum(arg.type_id));
 		if (!HeapTupleIsValid(tup))
