Re: [PATCH] Detect escape of ErrorContextCallback stack pointers (and from PG_TRY() )

Craig Ringer <craig@2ndquadrant.com> writes:
> Example here:
> https://github.com/ringerc/scrapcode/tree/master/c/clang_return_stack_checks
> So I find that actually, the __attribute__((callback(fn)) approach is
> unnecessary for the purpose proposed.

I tested this by injecting some faults of the described sort.

diff --git a/src/backend/commands/copy.c b/src/backend/commands/copy.c
index db7d24a511..eaf7716816 100644
--- a/src/backend/commands/copy.c
+++ b/src/backend/commands/copy.c
@@ -3025,6 +3025,8 @@ CopyFrom(CopyState cstate)

                        myslot = CopyMultiInsertInfoNextFreeSlot(&multiInsertInfo,

resultRelInfo);
+                       if (!myslot)
+                         return 0;
                }

                /*

leads to

/home/tgl/pgsql/src/backend/commands/copy.c:3029:6: warning: Address of stack memory associated with local variable
'errcallback'is still referred to by the global variable 'error_context_stack' upon returning to the caller.  This will
bea dangling reference 
                          return 0;
                          ^~~~~~~~

So that's good.  However, a similar experiment with returning from inside
a PG_TRY does *not* produce a warning.  I suspect maybe the compiler
throws up its hands when it sees sigsetjmp?

(These results from clang 10.0.0 on Fedora 32.)

            regards, tom lane