Fix error handling in pltcl_returnnext.

We can't throw elog(ERROR) out of a Tcl command procedure; we have to catch the error and return TCL_ERROR to the Tcl interpreter. pltcl_returnnext failed to meet this requirement, so that errors detected by pltcl_build_tuple_result or other functions called here led to longjmp'ing out of the Tcl interpreter and thereby leaving it in a bad state. Use the existing subtransaction support to prevent that. Oversight in commit 26abb50c, found more or less accidentally by the buildfarm thanks to the tests added in 961bed02. Report: https://postgr.es/m/30647.1483989734@sss.pgh.pa.us

Fix error handling in pltcl_returnnext.
We can't throw elog(ERROR) out of a Tcl command procedure; we have to catch the error and return TCL_ERROR to the Tcl interpreter. pltcl_returnnext failed to meet this requirement, so that errors detected by pltcl_build_tuple_result or other functions called here led to longjmp'ing out of the Tcl interpreter and thereby leaving it in a bad state. Use the existing subtransaction support to prevent that. Oversight in commit 26abb50c, found more or less accidentally by the buildfarm thanks to the tests added in 961bed02. Report: https://postgr.es/m/30647.1483989734@sss.pgh.pa.us
8c572294 · Tom Lane · 3957b58b · 8c572294
Commit 8c572294 authored Jan 09, 2017 by Tom Lane
Show whitespace changes
Inline Side-by-side

Showing with 59 additions and 40 deletions

src/pl/tcl/pltcl.c src/pl/tcl/pltcl.c +59 -40

No files found.
--- a/src/pl/tcl/pltcl.c
+++ b/src/pl/tcl/pltcl.c
@@ -299,6 +299,14 @@ static int pltcl_SPI_execute_plan(ClientData cdata, Tcl_Interp *interp,
 static int pltcl_SPI_lastoid(ClientData cdata, Tcl_Interp *interp,
 				  int objc, Tcl_Obj *const objv[]);
+static void pltcl_subtrans_begin(MemoryContext oldcontext,
+					 ResourceOwner oldowner);
+static void pltcl_subtrans_commit(MemoryContext oldcontext,
+					  ResourceOwner oldowner);
+static void pltcl_subtrans_abort(Tcl_Interp *interp,
+					 MemoryContext oldcontext,
+					 ResourceOwner oldowner);
 static void pltcl_set_tuple_values(Tcl_Interp *interp, const char *arrayname,
 					   uint64 tupno, HeapTuple tuple, TupleDesc tupdesc);
 static Tcl_Obj *pltcl_build_tuple_argument(HeapTuple tuple, TupleDesc tupdesc);
@@ -2073,9 +2081,9 @@ pltcl_returnnext(ClientData cdata, Tcl_Interp *interp,
 	pltcl_call_state *call_state = pltcl_current_call_state;
 	FunctionCallInfo fcinfo = call_state->fcinfo;
 	pltcl_proc_desc *prodesc = call_state->prodesc;
-	int			result = TCL_OK;
+	MemoryContext oldcontext = CurrentMemoryContext;
-	MemoryContext tmpcxt;
+	ResourceOwner oldowner = CurrentResourceOwner;
-	MemoryContext oldcxt;
+	volatile int result = TCL_OK;
 	/*
 	 * Check that we're called as a set-returning function
@@ -2103,16 +2111,21 @@ pltcl_returnnext(ClientData cdata, Tcl_Interp *interp,
 		return TCL_ERROR;
 	}
+	/*
+	 * The rest might throw elog(ERROR), so must run in a subtransaction.
+	 *
+	 * A small advantage of using a subtransaction is that it provides a
+	 * short-lived memory context for free, so we needn't worry about leaking
+	 * memory here.  To use that context, call BeginInternalSubTransaction
+	 * directly instead of going through pltcl_subtrans_begin.
+	 */
+	BeginInternalSubTransaction(NULL);
+	PG_TRY();
+	{
 		/* Set up tuple store if first output row */
 		if (call_state->tuple_store == NULL)
 			pltcl_init_tuple_store(call_state);
-	/* Make short-lived context to run input functions in */
-	tmpcxt = AllocSetContextCreate(CurrentMemoryContext,
-								   "pltcl_returnnext",
-								   ALLOCSET_SMALL_SIZES);
-	oldcxt = MemoryContextSwitchTo(tmpcxt);
 		if (prodesc->fn_retistuple)
 		{
 			Tcl_Obj   **rowObjv;
@@ -2147,8 +2160,14 @@ pltcl_returnnext(ClientData cdata, Tcl_Interp *interp,
 								 &retval, &isNull);
 		}
-	MemoryContextSwitchTo(oldcxt);
+		pltcl_subtrans_commit(oldcontext, oldowner);
-	MemoryContextDelete(tmpcxt);
+	}
+	PG_CATCH();
+	{
+		pltcl_subtrans_abort(interp, oldcontext, oldowner);
+		return TCL_ERROR;
+	}
+	PG_END_TRY();
 	return result;
 }