Participants
Peter Eisentraut
Peter Eisentraut
Tom Lane
Tom Lane
Attachments
Download Latest Patchset
+13-8
Show all attachments
Thread Outline
#1Peter EisentrautPeter Eisentraut
Sep 02, 2024
#2Tom LaneTom Laneto Peter Eisentraut (#1)
Sep 02, 2024
#3Peter EisentrautPeter Eisentrautto Tom Lane (#2)
Sep 04, 2024

thread-safety: strerror_r()

Started by Peter Eisentrautover 1 year ago3 messageshackers
Jump to latest
#1Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net

There are only a few (not necessarily thread-safe) strerror() calls in
the backend; most other potential users use %m in a format string.

In two cases, the reason for using strerror() was that we needed to
print the error message twice, and so errno has to be reset for the
second time. And/or some of this code is from before snprintf() gained
%m support. This can easily be simplified now.

The other is a workaround for OpenSSL that we have already handled in an
equivalent way in libpq.

(And there is one in postmaster.c, but that one is before forking.)

I think we can apply these patches now to check this off the list of
not-thread-safe functions to check.

Attachments:

0001-Remove-a-couple-of-strerror-calls.patchtext/plain; charset=UTF-8; name=0001-Remove-a-couple-of-strerror-calls.patchDownload+8-5
0002-Avoid-strerror.patchtext/plain; charset=UTF-8; name=0002-Avoid-strerror.patchDownload+5-3
#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Peter Eisentraut (#1)
Re: thread-safety: strerror_r()

Peter Eisentraut <peter@eisentraut.org> writes:

I think we can apply these patches now to check this off the list of
not-thread-safe functions to check.

+1 for the first patch. I'm less happy with

-	static char errbuf[36];
+	static char errbuf[128];

As a minor point, shouldn't this be

+ static char errbuf[PG_STRERROR_R_BUFLEN];

But the bigger issue is that the use of a static buffer makes
this not thread-safe, so having it use strerror_r to fill that
buffer is just putting lipstick on a pig. If we really want
to make this thread-ready, we need to adopt the approach used
in libpq's fe-secure-openssl.c, where callers have to free the
buffer later. Or maybe we could just palloc the result, and
trust that it's not in a long-lived context?

regards, tom lane

#3Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net
In reply to: Tom Lane (#2)
Re: thread-safety: strerror_r()

On 02.09.24 21:56, Tom Lane wrote:

Peter Eisentraut <peter@eisentraut.org> writes:

I think we can apply these patches now to check this off the list of
not-thread-safe functions to check.

+1 for the first patch. I'm less happy with

-	static char errbuf[36];
+	static char errbuf[128];

As a minor point, shouldn't this be

+ static char errbuf[PG_STRERROR_R_BUFLEN];

But the bigger issue is that the use of a static buffer makes
this not thread-safe, so having it use strerror_r to fill that
buffer is just putting lipstick on a pig. If we really want
to make this thread-ready, we need to adopt the approach used
in libpq's fe-secure-openssl.c, where callers have to free the
buffer later. Or maybe we could just palloc the result, and
trust that it's not in a long-lived context?

Ok, I have committed the first patch. We can think about the best
solution for the second issue when we get to the business end of all
this. The current situation doesn't really prevent making any progress
on that.

← Back to Topics