"Tom Lane" <tgl@sss.pgh.pa.us> writes
> "Qingqing Zhou" <zhouqq@cs.toronto.edu> writes:
> > In general, code snippet like this:
>
> > if (hash_search(..., HASH_ENTER, ...) == NULL)
> > action_except_elog__ERROR__;
>
> > are considered unsafe if: (1) the allocation method of the target hash
table
> > could elog(ERROR) themselves and (2) the reaction to the failure of
> > hash_search() is not elog(ERROR).
>
> I've made some changes to hopefully prevent this type of thinko again.
> Thanks for spotting it.
>
I am afraid the problem are not limited to hash_search(). Any code snippet
are not proteced by critical section like this:
Assert(CritSectionCount == 0); ret = do_something_might_elog_error(); if (is_not_expected(ret))
action_raise_error_higher_than_ERROR;
are all need to re-considered. For example,
---file = AllocateFile(full_path, "r");if (!file){ if (errno == ENOENT) ereport(FATAL,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE), errmsg("\"%s\" is not a valid data directory", path),
errdetail("File\"%s\" is missing.", full_path))); else ereport(FATAL, (errcode_for_file_access(),
errmsg("couldnot open file \"%s\": %m", full_path)));}
---
AllocateFile() itself could raise an error so we increase error level to
FATAL.
Regards,
Qingqing