Defend against crash while processing Describe Statement or Describe Portal

messages, when client attempts to execute these outside a transaction (start
one) or in a failed transaction (reject message, except for COMMIT/ROLLBACK
statements which we can handle).  Per report from Francisco Figueiredo Jr.

1 files changed, 51 insertions, 2 deletions

diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index 0526d3c8331..6f424f0976b 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/tcop/postgres.c,v 1.375.2.4 2005/11/10 00:31:59 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/tcop/postgres.c,v 1.375.2.5 2005/12/14 17:07:00 tgl Exp $
  *
  * NOTES
  *	  this is the "main" module of the postgres backend and
@@ -1644,6 +1644,15 @@ exec_describe_statement_message(const char *stmt_name)
 	List	   *l;
 	StringInfoData buf;
 
+	/*
+	 * Start up a transaction command. (Note that this will normally change
+	 * current memory context.) Nothing happens if we are already in one.
+	 */
+	start_xact_command();
+
+	/* Switch back to message context */
+	MemoryContextSwitchTo(MessageContext);
+
 	/* Find prepared statement */
 	if (stmt_name[0] != '\0')
 		pstmt = FetchPreparedStatement(stmt_name, true);
@@ -1657,6 +1666,22 @@ exec_describe_statement_message(const char *stmt_name)
 				   errmsg("unnamed prepared statement does not exist")));
 	}
 
+	/*
+	 * If we are in aborted transaction state, we can't safely create a result
+	 * tupledesc, because that needs catalog accesses.  Hence, refuse to
+	 * Describe statements that return data.  (We shouldn't just refuse all
+	 * Describes, since that might break the ability of some clients to issue
+	 * COMMIT or ROLLBACK commands, if they use code that blindly Describes
+	 * whatever it does.)  We can Describe parameters without doing anything
+	 * dangerous, so we don't restrict that.
+	 */
+	if (IsAbortedTransactionBlockState() &&
+		PreparedStatementReturnsTuples(pstmt))
+		ereport(ERROR,
+				(errcode(ERRCODE_IN_FAILED_SQL_TRANSACTION),
+				 errmsg("current transaction is aborted, "
+						"commands ignored until end of transaction block")));
+
 	if (whereToSendOutput != Remote)
 		return;					/* can't actually do anything... */
 
@@ -1703,12 +1728,36 @@ exec_describe_portal_message(const char *portal_name)
 {
 	Portal		portal;
 
+	/*
+	 * Start up a transaction command. (Note that this will normally change
+	 * current memory context.) Nothing happens if we are already in one.
+	 */
+	start_xact_command();
+
+	/* Switch back to message context */
+	MemoryContextSwitchTo(MessageContext);
+
 	portal = GetPortalByName(portal_name);
 	if (!PortalIsValid(portal))
 		ereport(ERROR,
 				(errcode(ERRCODE_UNDEFINED_CURSOR),
 				 errmsg("portal \"%s\" does not exist", portal_name)));
 
+	/*
+	 * If we are in aborted transaction state, we can't run
+	 * SendRowDescriptionMessage(), because that needs catalog accesses.
+	 * Hence, refuse to Describe portals that return data.  (We shouldn't just
+	 * refuse all Describes, since that might break the ability of some
+	 * clients to issue COMMIT or ROLLBACK commands, if they use code that
+	 * blindly Describes whatever it does.)
+	 */
+	if (IsAbortedTransactionBlockState() &&
+		portal->tupDesc)
+		ereport(ERROR,
+				(errcode(ERRCODE_IN_FAILED_SQL_TRANSACTION),
+				 errmsg("current transaction is aborted, "
+						"commands ignored until end of transaction block")));
+
 	if (whereToSendOutput != Remote)
 		return;					/* can't actually do anything... */
 
@@ -2715,7 +2764,7 @@ PostgresMain(int argc, char *argv[], const char *username)
 	if (!IsUnderPostmaster)
 	{
 		puts("\nPOSTGRES backend interactive interface ");
-		puts("$Revision: 1.375.2.4 $ $Date: 2005/11/10 00:31:59 $\n");
+		puts("$Revision: 1.375.2.5 $ $Date: 2005/12/14 17:07:00 $\n");
 	}
 
 	/*