git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Sat, 26 Sep 2020 20:04:06 +0000 (16:04 -0400)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Sat, 26 Sep 2020 20:04:06 +0000 (16:04 -0400)
commit	bda32733ceeb0687ee5a1e734005270b1dee66a7
tree	7b113ce8ca7e513daf41f42f2790a192c49f173f	tree \| snapshot
parent	fb93f784fc9c31f12361462653d325fdce01207d	commit \| diff

Revise RelationBuildRowSecurity() to avoid memory leaks.

This function leaked some memory while loading qual clauses for
an RLS policy. While ordinarily negligible, that could build up
in some repeated-reload cases, as reported by Konstantin Knizhnik.
We can improve matters by borrowing the coding long used in
RelationBuildRuleLock: build stringToNode's result directly in
the target context, and remember to explicitly pfree the
input string.

This patch by no means completely guarantees zero leaks within
this function, since we have no real guarantee that the catalog-
reading subroutines it calls don't leak anything. However,
practical tests suggest that this is enough to resolve the issue.
In any case, any remaining leaks are similar to those risked by
RelationBuildRuleLock and other relcache-loading subroutines.
If we need to fix them, we should adopt a more global approach
such as that used by the RECOVER_RELATION_BUILD_MEMORY hack.

While here, let's remove the need for an expensive PG_TRY block by
using MemoryContextSetParent to reparent an initially-short-lived
context for the RLS data.

Back-patch to all supported branches.

Discussion: https://postgr.es/m/21356c12-8917-8249-b35f-1c447231922b@postgrespro.ru