On Wed, Nov 02, 2022 at 08:00:58AM -0700, Zhihong Yu wrote:
> Looking down in ri_PerformCheck(), I see there may be case where error from
> SPI_execute_snapshot() would skip restoring UID.
> @@ -2405,13 +2405,19 @@ ri_PerformCheck(const RI_ConstraintInfo *riinfo,
> SECURITY_NOFORCE_RLS);
>
> /* Finally we can run the query. */
> - spi_result = SPI_execute_snapshot(qplan,
> - vals,
> nulls,
> -
> test_snapshot, crosscheck_snapshot,
> -
> false, false, limit);
> -
> - /* Restore UID and security context */
> - SetUserIdAndSecContext(save_userid, save_sec_context);
> + PG_TRY();
> + {
> + spi_result = SPI_execute_snapshot(qplan,
> +
> vals, nulls,
> +
> test_snapshot, crosscheck_snapshot,
> +
> false, false, limit);
> + }
> + PG_FINALLY();
> + {
> + /* Restore UID and security context */
> + SetUserIdAndSecContext(save_userid, save_sec_context);
> + }
> + PG_END_TRY();
After an error, AbortSubTransaction() or AbortTransaction() will restore
userid and sec_context. That makes such changes unnecessary.
