Thread: GiST does palloc's in critical section

From: Heikki Linnakangas

I just noticed that the GiST functions that write WAL records,
gistXLogSplit and gistXLogUpdate, call palloc while in a critical
section. That's bad because a palloc can fail if you run out of memory,
and if that happens in a critical section, you get a PANIC. It's a small
risk in practice, but we ought to fix it anyway.

The functions went through some refactoring in 9.1, but earlier versions
had the same issue.

Most XLogInsert callers allocate all the memory they need on the stack, as
local variables. That's how we should fix these too. We'll need some
upper limit on the amount of memory needed, and use that to size the
variables.

gistXLogSplit needs two XLogRecData for each page in the split. There is
no theoretical limit for that, although in practice more than 3-4 would
be extraordinary. Currently, it's only limited by the number of LWLocks
that can be held simultaneously. Let's add an explicit limit on that.

So, attached is a patch to fix this. This should apply to 9.1 - master
easily, but 9.0 and 8.4 will need some adjustment.

- Heikki

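The pattern the message proposes, as an added example that is not the attached patch or PostgreSQL code: the record chain lives in a stack array sized by an explicit limit, and the limit is checked before the critical section so nothing inside it can fail on allocation. `MAX_SPLIT_PAGES`, `RecData`, `SplitPage`, `log_split` and the contents of the two entries per page are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_SPLIT_PAGES 8   /* hypothetical explicit limit on pages per split */

typedef struct RecData {    /* simplified stand-in for XLogRecData */
    const void *data;
    size_t len;
    struct RecData *next;
} RecData;

typedef struct {            /* constructed model of one page produced by a split */
    int blkno;
    const char *tuples;
    size_t tuples_len;
} SplitPage;

static int in_critical_section = 0;  /* models START/END_CRIT_SECTION */

/* Returns bytes that would be logged, or -1 if rejected before the critical section. */
long log_split(const SplitPage *pages, int npages)
{
    RecData rdata[2 * MAX_SPLIT_PAGES];  /* stack storage sized by the limit */
    long total = 0;
    int n = 0;

    /* Anything that can fail happens here, where an error is still recoverable. */
    if (npages < 1 || npages > MAX_SPLIT_PAGES)
        return -1;

    in_critical_section = 1;             /* from here on, a failure would be a PANIC */
    for (int i = 0; i < npages; i++) {   /* two chain entries per page, no allocation */
        rdata[n] = (RecData){ &pages[i].blkno, sizeof(int), &rdata[n + 1] };
        rdata[n + 1] = (RecData){ pages[i].tuples, pages[i].tuples_len, &rdata[n + 2] };
        n += 2;
    }
    rdata[n - 1].next = NULL;            /* terminate the chain at the last entry used */
    for (const RecData *r = rdata; r != NULL; r = r->next)  /* consumer walks the chain */
        total += (long) r->len;
    in_critical_section = 0;
    return total;
}

int main(void)
{
    SplitPage pages[2] = { { 1, "aaaa", 4 }, { 2, "bb", 2 } };  /* constructed input */
    printf("logged %ld bytes\n", log_split(pages, 2));
    return 0;
}
```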