On Mon, 16 Oct 2023 at 05:56, Tom Lane <[email protected]> wrote:
> * in initStringInfoFromString, str->maxlen must be set to len+1 not len
>
> * comment in exec_bind_message doesn't look like pgindent will like it
>
> * same in record_recv, plus it has a misspelling "Initalize"
>
> * in stringinfo.c, inclusion of pg_bitutils.h seems no longer needed
Thank you for looking again. I've addressed all of these in the attached.
> I guess the next question is whether we want to stop here or
> try to relax the requirement about NUL-termination. I'd be inclined
> to call that a separate issue deserving a separate commit, so maybe
> we should go ahead and commit this much anyway.
I am keen to see this relaxed. I agree that a separate effort is best.
David
diff --git a/src/backend/replication/logical/proto.c
b/src/backend/replication/logical/proto.c
index d52c8963eb..ce9d5b4059 100644
--- a/src/backend/replication/logical/proto.c
+++ b/src/backend/replication/logical/proto.c
@@ -879,6 +879,7 @@ logicalrep_read_tuple(StringInfo in, LogicalRepTupleData
*tuple)
/* Read the data */
for (i = 0; i < natts; i++)
{
+ char *buff;
char kind;
int len;
StringInfo value = &tuple->colvalues[i];
@@ -899,19 +900,16 @@ logicalrep_read_tuple(StringInfo in, LogicalRepTupleData
*tuple)
len = pq_getmsgint(in, 4); /* read length
*/
/* and data */
- value->data = palloc(len + 1);
- pq_copymsgbytes(in, value->data, len);
+ buff = palloc(len + 1);
+ pq_copymsgbytes(in, buff, len);
/*
* Not strictly necessary for
LOGICALREP_COLUMN_BINARY, but
* per StringInfo practice.
*/
- value->data[len] = '\0';
+ buff[len] = '\0';
- /* make StringInfo fully valid */
- value->len = len;
- value->cursor = 0;
- value->maxlen = len;
+ initStringInfoFromString(value, buff, len);
break;
default:
elog(ERROR, "unrecognized data representation
type '%c'", kind);
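Review bot: `len` comes straight from the incoming message via `pq_getmsgint(in, 4)` and is used in `palloc(len + 1)` before anything visible in this hunk range-checks it, so a negative or `INT_MAX` value reaches the size arithmetic (signed overflow for the latter). `pq_copymsgbytes` presumably rejects a length larger than the remaining message, but it runs after the allocation. A guard ahead of the allocation would close that, e.g. `if (len < 0 || len > in->len - in->cursor) elog(ERROR, "invalid column length in tuple data");`. The same `len + 1` is what `initStringInfoFromString` records as `maxlen`, so the allocation size and the helper's assumption must stay in step. The loop body and the enclosing function continue outside the hunk.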
diff --git a/src/backend/replication/logical/worker.c
b/src/backend/replication/logical/worker.c
index 597947410f..b574188d70 100644
--- a/src/backend/replication/logical/worker.c
+++ b/src/backend/replication/logical/worker.c
@@ -3582,10 +3582,7 @@ LogicalRepApplyLoop(XLogRecPtr last_received)
/* Ensure we are reading the data into
our memory context. */
MemoryContextSwitchTo(ApplyMessageContext);
- s.data = buf;
- s.len = len;
- s.cursor = 0;
- s.maxlen = -1;
+ initReadOnlyStringInfo(&s, buf, len);
c = pq_getmsgbyte(&s);
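Review bot: The added `initReadOnlyStringInfo(&s, buf, len)` introduces a precondition the removed assignments did not have: the helper asserts `data[len] == '\0'`, so `buf` must have a readable NUL byte at offset `len`. Where `buf` is filled is outside this hunk, so that guarantee cannot be confirmed from here. Once verified, it deserves a comment at the call, for example `/* buf is NUL-terminated at len by the receive path, as initReadOnlyStringInfo requires */`. If the guarantee does not hold, an assert-enabled build would read one byte past the received data.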
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index c900427ecf..7c0355cb2d 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -1817,23 +1817,20 @@ exec_bind_message(StringInfo input_message)
if (!isNull)
{
- const char *pvalue =
pq_getmsgbytes(input_message, plength);
+ char *pvalue;
/*
- * Rather than copying data around, we just set
up a phony
+ * Rather than copying data around, we just
initialize a
* StringInfo pointing to the correct portion
of the message
* buffer. We assume we can scribble on the
message buffer so
* as to maintain the convention that
StringInfos have a
* trailing null. This is grotty but is a big
win when
* dealing with very large parameter strings.
*/
- pbuf.data = unconstify(char *, pvalue);
- pbuf.maxlen = plength + 1;
- pbuf.len = plength;
- pbuf.cursor = 0;
-
- csave = pbuf.data[plength];
- pbuf.data[plength] = '\0';
+ pvalue = unconstify(char *,
pq_getmsgbytes(input_message, plength));
+ csave = pvalue[plength];
+ pvalue[plength] = '\0';
+ initReadOnlyStringInfo(&pbuf, pvalue, plength);
}
else
{
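Review bot: The order of the three added statements matters and the comment does not say so: `pvalue[plength] = '\0'` has to run before `initReadOnlyStringInfo`, because the helper asserts `data[len] == '\0'`. A line such as `/* terminate first: initReadOnlyStringInfo asserts data[len] == '\0' */` would keep a later edit from swapping them. The comment could also say that the resulting StringInfo is read-only and that the byte saved in `csave` must be put back after the receive function returns; that restore is outside the hunk. The record_recv hunk in rowtypes.c has the same ordering dependency between `buf->data[buf->cursor] = '\0'` and its `initReadOnlyStringInfo` call.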
diff --git a/src/backend/utils/adt/rowtypes.c b/src/backend/utils/adt/rowtypes.c
index ad176651d8..a941a76ff3 100644
--- a/src/backend/utils/adt/rowtypes.c
+++ b/src/backend/utils/adt/rowtypes.c
@@ -623,21 +623,19 @@ record_recv(PG_FUNCTION_ARGS)
}
else
{
+ char *strbuff;
+
/*
- * Rather than copying data around, we just set up a
phony
- * StringInfo pointing to the correct portion of the
input buffer.
- * We assume we can scribble on the input buffer so as
to maintain
- * the convention that StringInfos have a trailing null.
+ * Initialize a new StringInfo using the correct
portion of the
+ * input buffer. We assume we can scribble on the
input buffer so
+ * as to maintain the convention that StringInfos have
a trailing
+ * null.
*/
- item_buf.data = &buf->data[buf->cursor];
- item_buf.maxlen = itemlen + 1;
- item_buf.len = itemlen;
- item_buf.cursor = 0;
-
+ strbuff = &buf->data[buf->cursor];
buf->cursor += itemlen;
-
csave = buf->data[buf->cursor];
buf->data[buf->cursor] = '\0';
+ initReadOnlyStringInfo(&item_buf, strbuff, itemlen);
bufptr = &item_buf;
nulls[i] = false;
diff --git a/src/common/stringinfo.c b/src/common/stringinfo.c
index 05b22b5c53..a6a05e2f91 100644
--- a/src/common/stringinfo.c
+++ b/src/common/stringinfo.c
@@ -70,10 +70,16 @@ initStringInfo(StringInfo str)
*
* Reset the StringInfo: the data buffer remains valid, but its
* previous content, if any, is cleared.
+ *
+ * Read-only StringInfos as initialized by initReadOnlyStringInfo cannot be
+ * reset.
*/
void
resetStringInfo(StringInfo str)
{
+ /* Don't allow resets of read-only StringInfos */
+ Assert(str->maxlen != 0);
+
str->data[0] = '\0';
str->len = 0;
str->cursor = 0;
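Review bot: The new guard is `Assert(str->maxlen != 0)` only, so in a build without assertions a read-only StringInfo passed to `resetStringInfo` still gets `str->data[0] = '\0'` written into a buffer the caller owns and may not be allowed to modify. The same applies to the `Assert` added in the enlargeStringInfo hunk below, where the rest of the function (outside the hunk) presumably goes on to size and reallocate from `maxlen`, and `data` need not be a palloc'd chunk. If misuse should fail safely in production, a runtime check is needed, e.g. `if (str->maxlen == 0) elog(ERROR, "cannot modify a read-only StringInfo");`, adapted to however this file reports errors in frontend builds. If assert-only is intended, the header comment should say that the restriction is not enforced in production builds.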
@@ -284,6 +290,9 @@ enlargeStringInfo(StringInfo str, int needed)
{
int newlen;
+ /* Validate this is not a read-only StringInfo */
+ Assert(str->maxlen != 0);
+
/*
* Guard against out-of-range "needed" values. Without this, we can get
* an overflow or infinite loop in the following.
diff --git a/src/include/lib/stringinfo.h b/src/include/lib/stringinfo.h
index 36a416f8e0..184fc1d522 100644
--- a/src/include/lib/stringinfo.h
+++ b/src/include/lib/stringinfo.h
@@ -27,10 +27,18 @@
* maxlen is the allocated size in bytes of 'data', i.e. the
maximum
* string size (including the terminating '\0'
char) that we can
* currently store in 'data' without having to
reallocate
- * more space. We must always have maxlen > len.
- * cursor is initialized to zero by makeStringInfo or
initStringInfo,
- * but is not otherwise touched by the
stringinfo.c routines.
- * Some routines use it to scan through a
StringInfo.
+ * more space. We must always have maxlen > len,
except
+ * in the read-only case described below.
+ * cursor is initialized to zero by makeStringInfo,
initStringInfo,
+ * initReadOnlyStringInfo and
initStringInfoFromString but is not
+ * otherwise touched by the stringinfo.c routines.
Some routines
+ * use it to scan through a StringInfo.
+ *
+ * As a special case, a StringInfoData can be initialized with a read-only
+ * string buffer. In this case "data" does not necessarily point at a
+ * palloc'd chunk, and management of the buffer storage is the caller's
+ * responsibility. maxlen is set to zero to indicate that this is the case.
+ * Read-only StringInfoDatas cannot be appended to or reset.
*-------------------------
*/
typedef struct StringInfoData
@@ -45,7 +53,7 @@ typedef StringInfoData *StringInfo;
/*------------------------
- * There are two ways to create a StringInfo object initially:
+ * There are four ways to create a StringInfo object initially:
*
* StringInfo stringptr = makeStringInfo();
* Both the StringInfoData and the data buffer are palloc'd.
@@ -56,8 +64,31 @@ typedef StringInfoData *StringInfo;
* This is the easiest approach for a StringInfo object that will
* only live as long as the current routine.
*
+ * StringInfoData string;
+ * initReadOnlyStringInfo(&string, existingbuf, len);
+ * The StringInfoData's data field is set to point directly to the
+ * existing buffer and the StringInfoData's len is set to the
given len.
+ * The given buffer can point to memory that's not managed by
palloc or
+ * is pointing partway through a palloc'd chunk. The maxlen field
is set
+ * to 0. A read-only StringInfo cannot be appended to using any
of the
+ * appendStringInfo functions or reset with resetStringInfo().
The given
+ * buffer must be NUL-terminated.
+ *
+ * StringInfoData string;
+ * initStringInfoFromString(&string, palloced_buf, len);
+ * The StringInfoData's data field is set to point directly to the
given
+ * buffer and the StringInfoData's len is set to the given len.
This
+ * method of initialization is useful when the buffer already
exists.
+ * StringInfos initialized this way can be appended to using the
+ * appendStringInfo functions and reset with resetStringInfo().
The
+ * given buffer must be NUL-terminated. The palloc'd buffer is
assumed
+ * to be len + 1 in size.
+ *
* To destroy a StringInfo, pfree() the data buffer, and then pfree() the
* StringInfoData if it was palloc'd. There's no special support for this.
+ * However, if the StringInfo was initialized using initReadOnlyStringInfo()
+ * then the caller will need to consider if it is safe to pfree the data
+ * buffer.
*
* NOTE: some routines build up a string using StringInfo, and then
* release the StringInfoData but return the data string itself to their
@@ -79,6 +110,49 @@ extern StringInfo makeStringInfo(void);
*/
extern void initStringInfo(StringInfo str);
+/*------------------------
+ * initReadOnlyStringInfo
+ * Initialize a StringInfoData struct from an existing string without copying
+ * the string. The caller is responsible for ensuring the given string
+ * remains valid as long as the StringInfoData does. The given string must be
+ * NUL terminated at 'len' bytes. Calls to this are used in performance
+ * critical locations where allocating a new buffer and copying would be too
+ * costly. Read-only StringInfoData's may not be appended to using any of the
+ * appendStringInfo functions or reset with resetStringInfo().
+ *
+ * 'data' does not need to point directly to a palloc'd chunk of memory.
+ */
+static inline void
+initReadOnlyStringInfo(StringInfo str, char *data, int len)
+{
+ Assert(data[len] == '\0');
+
+ str->data = data;
+ str->len = len;
+ str->maxlen = 0; /* read-only */
+ str->cursor = 0;
+}
+
+/*------------------------
+ * initStringInfoFromString
+ * Initialize a StringInfoData struct from an existing string without copying
+ * the string. 'data' must be a valid palloc'd chunk of memory that can have
+ * repalloc() called should more space be required during a call to any of the
+ * appendStringInfo functions.
+ *
+ * 'data' must be NUL terminated at 'len' bytes.
+ */
+static inline void
+initStringInfoFromString(StringInfo str, char *data, int len)
+{
+ Assert(data[len] == '\0');
+
+ str->data = data;
+ str->len = len;
+ str->maxlen = len + 1;
+ str->cursor = 0;
+}
+
/*------------------------
* resetStringInfo
* Clears the current content of the StringInfo, if any. The
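Review bot: Both new initializers dereference `data[len]` in their `Assert` without first checking that `len` is non-negative, and callers in this patch pass lengths read from protocol messages. Adding `Assert(len >= 0);` ahead of `Assert(data[len] == '\0');` in `initReadOnlyStringInfo` and `initStringInfoFromString` makes the precondition explicit. `initStringInfoFromString` also sets `maxlen = len + 1` on trust. Its own comment should state, as the block comment earlier in the header does, that the palloc'd chunk must be at least `len + 1` bytes, since later appends presumably size themselves against `maxlen`.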