On 3/2/23 14:56, Tom Lane wrote:
> Jacob Champion <jchampion@timescale.com> writes:
>> If I've understood Tom correctly in [1], both of these guc_mallocs
>> should be using a loglevel less than ERROR, to avoid forcing a
>> postmaster exit when out of memory. (I used WARNING in that thread
>> instead, which seemed to be acceptable.)
>
> Actually, preferred practice is as seen in e.g. check_datestyle:
>
> myextra = (int *) guc_malloc(LOG, 2 * sizeof(int));
> if (!myextra)
> return false;
> myextra[0] = newDateStyle;
> myextra[1] = newDateOrder;
> *extra = (void *) myextra;
>
> which gives the guc.c functions an opportunity to manage the
> failure.
Ah, thanks for the correction. (My guc_strdup(WARNING, ...) calls may
need to be cleaned up too, then.)
--Jacob
