On Sun, May 27, 2018 at 4:21 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> ... So that seems like a rather high price to
> pay to deal with what, at present, is a purely hypothetical hazard.
> (Basically what this would protect against is elog_start changing errno,
> which it doesn't.)
Hmm. It looks like errstart() preserves errno to protect %m not from
itself, but from the caller's other arguments to the elog facility.
That seems reasonable, but do we really need to prohibit direct use of
errno in expressions? The only rogue actor likely to trash errno is
you, the caller. I mean, if you call elog(LOG, "foo %d %d", errno,
fsync(bar)) it's obviously UB and your own fault, but who would do
anything like that? Or maybe I misunderstood the motivation.
> Another approach we could consider is keeping exec.c's one-off approach
> to error handling and letting it redefine pg_prevent_errno_in_scope() as
> empty. But that's ugly.
>
> Or we could make the affected call sites work like this:
>
> int save_errno = errno;
>
> log_error(_("could not identify current directory: %s"),
> strerror(save_errno));
>
> which on the whole might be the most expedient thing.
That was what I was going to propose, until I started wondering why we
need to do anything here.
--
Thomas Munro
http://www.enterprisedb.com