From 84e4570da9230d45022ef77f98b560f26eaf6916 Mon Sep 17 00:00:00 2001
From: Michael Paquier <michael@paquier.xyz>
Date: Sat, 4 May 2019 16:32:19 +0900
Subject: [PATCH] Fix set of issues with memory-allocation system calls in
 frontend code

Like the backend, the frontend has wrappers on top of malloc() and such
whose use is recommended.  Particularly, it is possible to do memory
allocation without issuing an error.  Some binaries missed the use of
those wrappers, so let's fix the gap for consistency.

This also fixes two latent bugs:
- In pg_dump/pg_dumpall when parsing an ACL item, on an out-of-memory
error for strdup(), the code considered the failure as a ACL parsing
problem instead of an actual OOM.
- In pg_waldump, an OOM when building the target directory string would
cause a crash.

Author: Daniel Gustafsson
Discussion: https://postgr.es/m/gY0y9xenfoBPc-Tufsr2Zg-MmkrJslm0Tw_CMg4p_j58-k_PXNC0klMdkKQkg61BkXC9_uWo-DcUzfxnHqpkpoR5jjVZrPHqKYikcHIiONhg=@yesql.se
---
 src/bin/pg_ctl/pg_ctl.c               |  3 ++-
 src/bin/pg_dump/dumputils.c           | 12 +++++-------
 src/bin/pg_test_fsync/pg_test_fsync.c |  2 +-
 src/bin/pg_waldump/pg_waldump.c       | 10 +++++-----
 src/bin/psql/large_obj.c              |  2 +-
 5 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/src/bin/pg_ctl/pg_ctl.c b/src/bin/pg_ctl/pg_ctl.c
index febb076ee6..400763dea7 100644
--- a/src/bin/pg_ctl/pg_ctl.c
+++ b/src/bin/pg_ctl/pg_ctl.c
@@ -1979,7 +1979,8 @@ GetPrivilegesToDelete(HANDLE hToken)
 		return NULL;
 	}
 
-	tokenPrivs = (PTOKEN_PRIVILEGES) malloc(length);
+	tokenPrivs = (PTOKEN_PRIVILEGES) pg_malloc_extended(length,
+														MCXT_ALLOC_NO_OOM);
 	if (tokenPrivs == NULL)
 	{
 		write_stderr(_("%s: out of memory\n"), progname);
diff --git a/src/bin/pg_dump/dumputils.c b/src/bin/pg_dump/dumputils.c
index 65e221157b..67691eb57a 100644
--- a/src/bin/pg_dump/dumputils.c
+++ b/src/bin/pg_dump/dumputils.c
@@ -481,15 +481,13 @@ parseAclItem(const char *item, const char *type,
 	char	   *slpos;
 	char	   *pos;
 
-	buf = strdup(item);
-	if (!buf)
-		return false;
+	buf = pg_strdup(item);
 
 	/* user or group name is string up to = */
 	eqpos = copyAclUserName(grantee, buf);
 	if (*eqpos != '=')
 	{
-		free(buf);
+		pg_free(buf);
 		return false;
 	}
 
@@ -501,13 +499,13 @@ parseAclItem(const char *item, const char *type,
 		slpos = copyAclUserName(grantor, slpos);
 		if (*slpos != '\0')
 		{
-			free(buf);
+			pg_free(buf);
 			return false;
 		}
 	}
 	else
 	{
-		free(buf);
+		pg_free(buf);
 		return false;
 	}
 
@@ -617,7 +615,7 @@ do { \
 			appendPQExpBuffer(privs, "(%s)", subname);
 	}
 
-	free(buf);
+	pg_free(buf);
 
 	return true;
 }
diff --git a/src/bin/pg_test_fsync/pg_test_fsync.c b/src/bin/pg_test_fsync/pg_test_fsync.c
index f702101742..83771061a4 100644
--- a/src/bin/pg_test_fsync/pg_test_fsync.c
+++ b/src/bin/pg_test_fsync/pg_test_fsync.c
@@ -170,7 +170,7 @@ handle_args(int argc, char *argv[])
 		switch (option)
 		{
 			case 'f':
-				filename = strdup(optarg);
+				filename = pg_strdup(optarg);
 				break;
 
 			case 's':
diff --git a/src/bin/pg_waldump/pg_waldump.c b/src/bin/pg_waldump/pg_waldump.c
index e106fb2ed1..f61505ade3 100644
--- a/src/bin/pg_waldump/pg_waldump.c
+++ b/src/bin/pg_waldump/pg_waldump.c
@@ -247,7 +247,7 @@ identify_target_directory(XLogDumpPrivate *private, char *directory,
 	{
 		if (search_directory(directory, fname))
 		{
-			private->inpath = strdup(directory);
+			private->inpath = pg_strdup(directory);
 			return;
 		}
 
@@ -255,7 +255,7 @@ identify_target_directory(XLogDumpPrivate *private, char *directory,
 		snprintf(fpath, MAXPGPATH, "%s/%s", directory, XLOGDIR);
 		if (search_directory(fpath, fname))
 		{
-			private->inpath = strdup(fpath);
+			private->inpath = pg_strdup(fpath);
 			return;
 		}
 	}
@@ -266,13 +266,13 @@ identify_target_directory(XLogDumpPrivate *private, char *directory,
 		/* current directory */
 		if (search_directory(".", fname))
 		{
-			private->inpath = strdup(".");
+			private->inpath = pg_strdup(".");
 			return;
 		}
 		/* XLOGDIR */
 		if (search_directory(XLOGDIR, fname))
 		{
-			private->inpath = strdup(XLOGDIR);
+			private->inpath = pg_strdup(XLOGDIR);
 			return;
 		}
 
@@ -283,7 +283,7 @@ identify_target_directory(XLogDumpPrivate *private, char *directory,
 			snprintf(fpath, MAXPGPATH, "%s/%s", datadir, XLOGDIR);
 			if (search_directory(fpath, fname))
 			{
-				private->inpath = strdup(fpath);
+				private->inpath = pg_strdup(fpath);
 				return;
 			}
 		}
diff --git a/src/bin/psql/large_obj.c b/src/bin/psql/large_obj.c
index c12f4326e3..cecb4897f5 100644
--- a/src/bin/psql/large_obj.c
+++ b/src/bin/psql/large_obj.c
@@ -200,7 +200,7 @@ do_lo_import(const char *filename_arg, const char *comment_arg)
 		char	   *bufptr;
 		size_t		slen = strlen(comment_arg);
 
-		cmdbuf = malloc(slen * 2 + 256);
+		cmdbuf = pg_malloc_extended(slen * 2 + 256, MCXT_ALLOC_NO_OOM);
 		if (!cmdbuf)
 			return fail_lo_xact("\\lo_import", own_transaction);
 		sprintf(cmdbuf, "COMMENT ON LARGE OBJECT %u IS '", loid);