Remove dependency to system calls for memory allocation in refint

Failures in allocations could lead to crashes with NULL pointer
dereferences .  Memory context TopMemoryContext is used instead to keep
alive the plans allocated in the session.  A more specific context could
be used here, but this is left for later.

Reported-by: Jian Zhang
Author: Michael Paquier
Reviewed-by: Tom Lane, Andres Freund
Discussion: https://postgr.es/m/16190-70181c803641c3dc@postgresql.org

diff --git a/contrib/spi/refint.c b/contrib/spi/refint.c
index adf0490f8539b0fa7ac5016052b9761021c5e225..6fbfef2b12167f46b0c58555f8e6a98afd8fbfac 100644 (file)
--- a/contrib/spi/refint.c
+++ b/contrib/spi/refint.c
@@ -12,6 +12,7 @@
 #include "commands/trigger.h"
 #include "executor/spi.h"
 #include "utils/builtins.h"
+#include "utils/memutils.h"
 #include "utils/rel.h"
 
 PG_MODULE_MAGIC;
@@ -186,12 +187,13 @@ check_primary_key(PG_FUNCTION_ARGS)
 
        /*
         * Remember that SPI_prepare places plan in current memory context -
-        * so, we have to save plan in Top memory context for later use.
+        * so, we have to save plan in TopMemoryContext for later use.
         */
        if (SPI_keepplan(pplan))
            /* internal error */
            elog(ERROR, "check_primary_key: SPI_keepplan failed");
-       plan->splan = (SPIPlanPtr *) malloc(sizeof(SPIPlanPtr));
+       plan->splan = (SPIPlanPtr *) MemoryContextAlloc(TopMemoryContext,
+                                                       sizeof(SPIPlanPtr));
        *(plan->splan) = pplan;
        plan->nplans = 1;
    }
@@ -417,7 +419,8 @@ check_foreign_key(PG_FUNCTION_ARGS)
        char        sql[8192];
        char      **args2 = args;
 
-       plan->splan = (SPIPlanPtr *) malloc(nrefs * sizeof(SPIPlanPtr));
+       plan->splan = (SPIPlanPtr *) MemoryContextAlloc(TopMemoryContext,
+                                                       nrefs * sizeof(SPIPlanPtr));
 
        for (r = 0; r < nrefs; r++)
        {
@@ -614,6 +617,13 @@ find_plan(char *ident, EPlan **eplan, int *nplans)
 {
    EPlan      *newp;
    int         i;
+   MemoryContext oldcontext;
+
+   /*
+    * All allocations done for the plans need to happen in a session-safe
+    * context.
+    */
+   oldcontext = MemoryContextSwitchTo(TopMemoryContext);
 
    if (*nplans > 0)
    {
@@ -623,20 +633,24 @@ find_plan(char *ident, EPlan **eplan, int *nplans)
                break;
        }
        if (i != *nplans)
+       {
+           MemoryContextSwitchTo(oldcontext);
            return (*eplan + i);
-       *eplan = (EPlan *) realloc(*eplan, (i + 1) * sizeof(EPlan));
+       }
+       *eplan = (EPlan *) repalloc(*eplan, (i + 1) * sizeof(EPlan));
        newp = *eplan + i;
    }
    else
    {
-       newp = *eplan = (EPlan *) malloc(sizeof(EPlan));
+       newp = *eplan = (EPlan *) palloc(sizeof(EPlan));
        (*nplans) = i = 0;
    }
 
-   newp->ident = strdup(ident);
+   newp->ident = pstrdup(ident);
    newp->nplans = 0;
    newp->splan = NULL;
    (*nplans)++;
 
+   MemoryContextSwitchTo(oldcontext);
    return newp;
 }